CVE-2022-23227 : NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encry

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.

Published 2022-01-14 18:15:10

Updated 2025-03-13 15:40:30

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-23227

Nuuo » Nvrmini2 Firmware
Versions up to, including, (<=) 3.11.0
cpe:2.3:o:nuuo:nvrmini2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Nuuo » Nvrmini2 » Version: N/A

CVE-2022-23227 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

NUUO NVRmini2 Devices Missing Authentication Vulnerability

CISA required action:

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

CISA description:

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

Notes:

https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter＿NVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2022-23227

Added on 2024-12-18 Action due date 2025-01-08

Exploit prediction scoring system (EPSS) score for CVE-2022-23227

EPSS FAQ

43.51%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-23227

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-12-18
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-23227

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2022-23227

https://github.com/pedrib/PoC/blob/master/advisories/NUUO/nuuo_nvrmini_round2.mkd

PoC/nuuo_nvrmini_round2.mkd at master · pedrib/PoC · GitHub
Exploit;Third Party Advisory
https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-device

Researcher discloses alleged zero-day vulnerabilities in NUUO NVRmini2 recording device | The Daily Swig
Exploit;Third Party Advisory
https://news.ycombinator.com/item?id=29936569

Researcher discloses alleged zero-day vulnerabilities in NUUO NVRmini2 recording | Hacker News
Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/16044

Add exploit for NUUO NVRmini2 zero day unauth RCE as root by pedrib · Pull Request #16044 · rapid7/metasploit-framework · GitHub
Exploit;Issue Tracking;Third Party Advisory