Digital Defense Inc., a security technology and services provider, today announced that its Vulnerability Research Team (VRT) discovered a previously undisclosed vulnerability in NUUO NVRmini2 Network Video Recorder firmware. NVRmini2 firmware version 3.9.1 and prior is vulnerable to an unauthenticated remote buffer overflow that could potentially be leveraged by an attacker to execute arbitrary code on the system with root privileges. This could allow the attacker to access and/or modify the camera feeds to the NVR and change the configuration or recordings on the NVR.
Information regarding the security fixes can be obtained through NUUO. Details of the individual vulnerabilities can be found on the Digital Defense blog.
“NUUO has worked closely with our VRT to ensure a fix is available to organizations utilizing the affected firmware,” said Tom DeSot, EVP/ chief information officer at Digital Defense. “NUUO’s rapid response to the identification of the issue and collaboration has resulted in a quick resolution.”
The Digital Defense VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT when coupled with the company’s hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.