NUUO Firmware Vulnerabilities Disclosed by Digital Defense Inc. Researchers
Digital Defense Inc., a security technology and services provider, today announced that its Vulnerability Research Team (VRT) discovered a previously undisclosed vulnerability in NUUO NVRmini2 Network Video Recorder firmware. NVRmini2 firmware version 3.9.1 and prior is vulnerable to an unauthenticated remote buffer overflow that could potentially be leveraged by an attacker to execute arbitrary code on the system with root privileges. This could allow the attacker to access and/or modify the camera feeds to the NVR and change the configuration or recordings on the NVR.
Information regarding the security fixes can be obtained through NUUO. Details of the individual vulnerabilities can be found on the Digital Defense blog.