NUUO Firmware Disclosure

By Fortra's Digital Defense

NUUO Zero-Day Blog

Digital Defense, Inc. is disclosing a vulnerability identified in NUUO NVRmini2 Network Video Recorder devices, discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cybersecurity issues.

NUUO has provided a patch for the vulnerability identified in the application. The patched application can be downloaded from NUUO's website: https://www.nuuo.com/DownloadMainpage.php

Clients who currently use the Fortra Vulnerability Management platform can sweep for the presence of these issues in Fortra VM by performing a full vulnerability assessment scan or by selecting the CVC "NUUO NVRmini2 'lite_mv' Stack Overflow" (126553).


Details of the vulnerabilities are as follows:

Summary:

DDI-VRT-2018-22 – 'lite_mv' Remote Stack Overflow in NUUO NVRmini2 3.9.1

Details

Vulnerability

'lite_mv' Remote Stack Overflow in NUUO NVRmini2 3.9.1

Impact

Remote, unauthenticated users can execute arbitrary code on the affected system with root privileges.

Application/Version Affected

NUUO NVRmini2 firmware versions 3.9.1 and prior

Details

Sending a crafted GET request to the affected service with a URI of length 351 or greater triggers the stack overflow. Overflowing the stack variable intended to hold the request data overwrites stored return addresses and, with a properly crafted payload, can be leveraged to achieve arbitrary code execution.

Root Cause

Improper sanitization of user-supplied input and a lack of length checks on data used in unsafe string operations on local stack variables.
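As an added illustration (not NUUO's firmware code and not the researchers' proof of concept), the handler pattern the advisory describes, written the way it should have been: the request-target is measured against the fixed stack buffer before anything is copied, so a 351-byte URI is refused instead of overrunning the buffer. The 351-byte buffer size, the error codes and the request-line parser are assumptions made for the example.

```c
/* Added example, not NUUO's or Digital Defense's code. The buffer size and
 * the minimal request-line parser are assumptions for illustration. */
#include <string.h>

#define URI_BUF_LEN 351 /* assumed: a 350-byte URI plus its terminator fits */

/* Find the request-target in "GET <uri> HTTP/1.1"; returns its length or -1. */
static int extract_uri(const char *line, const char **uri)
{
    const char *start = strchr(line, ' ');
    if (start == NULL) return -1;
    const char *end = strchr(++start, ' ');
    if (end == NULL) return -1;
    *uri = start;
    return (int)(end - start);
}

/* Hardened handler: copy the URI into a local stack buffer only after
 * checking that it fits with its terminator. The vulnerable pattern the
 * advisory describes is this same copy with the length check missing, which
 * lets a 351-byte request-target run past 'uri' into the saved return
 * address. Returns the stored length, -1 if malformed, -2 if too long (an
 * HTTP server would answer 414 URI Too Long). */
int handle_request_fixed(const char *line)
{
    char uri[URI_BUF_LEN];
    const char *p;
    int n = extract_uri(line, &p);
    if (n < 0) return -1;                   /* malformed request line */
    if ((size_t)n >= sizeof uri) return -2; /* 351 bytes or more: reject */
    memcpy(uri, p, (size_t)n);              /* bounded by the check above */
    uri[n] = '\0';
    return n;
}

/* Builds "GET /AAA... HTTP/1.1" whose request-target is exactly uri_len bytes
 * (constructed input) and runs it through the hardened handler. */
int probe_fixed(size_t uri_len)
{
    char line[512];
    if (uri_len < 1 || uri_len + 14 > sizeof line) return -3;
    memcpy(line, "GET /", 5);
    memset(line + 5, 'A', uri_len - 1);
    memcpy(line + 4 + uri_len, " HTTP/1.1", 10); /* copies the NUL too */
    return handle_request_fixed(line);
}
```

The same threshold is what a network-side check would key on: a request-target to this service of 351 bytes or more is the condition the advisory gives, and probe_fixed(351) shows it being rejected before the copy.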
