Connect with us

Hi, what are you looking for?

Cyber Security

Researcher Discloses Alleged Zero-Day Vulnerabilities In NUUO NVRmini2 Recording Device

A critical ‘zero-day’ vulnerability in network video recording equipment made by NUUO has been made public, as a researcher claims unpatched issues could lead to remote code execution (RCE).

Discovered by Agile Information Security founder Pedro Ribeiro, the issues have allegedly been present in the NUUO NVRmini2 device since 2016.

NVRmini2 is a network video recorder (NVR) from Taiwanese vendor NUU that is able to record and store security footage in a digital format.

Ribeiro claims he disclosed command injection and stack overflow vulnerabilities in NVRmini2 six years ago. At the time, Ribeiro said that the product had “terrible security” – and if his claims are true, then nothing has changed for the better.

“Both vulnerabilities disclosed were found during my 2016 audit,” Ribeiro told The Daily Swig. “However, at the time, I found so many other vulnerabilities that I actually forgot to report these – until in 2019 when I rediscovered my notes and reported it to them.”

Unpatched issues

As documented on GitHub, there are apparently two unpatched vulnerabilities. The first, yet to be assigned a CVE but considered critical, is a missing authentication method on a critical function in NVRmini2 firmware.

The handle_import_user.php function for every firmware version up to and including the latest build lacks adequate protections to stop unauthenticated users from accessing the script, claims Ribeiro.

The second alleged vulnerability is the use of a legacy version of BusyBox, a Unix utilities package. This version is impacted by a range of bugs including CVE-2011-5325, a path traversal flaw that allows remote attackers to point to files outside of the current, working directory.

By abusing the HTTP POST mechanism and crafting malicious tar archives, it is possible to chain the vulnerabilities in order to drop a webshell and execute commands as root, says Ribeiro.

In addition to the disclosure, the researcher has released a Metasploit module which packages up the vulnerability chain described in the advisory.

The Proof-of-Concept (PoC) code is said to work on most firmware versions with the exception of those older than version 2.0.0 – although alternative techniques can be used on legacy software versions.

At the time of writing, the vulnerabilities remain unpatched on the latest firmware version, v.03.11.0000.0016, despite the researcher claiming he made multiple attempts to disclose them. No official fix is available.

Mitigating risks

The researcher recommends that NVRmini2 device owners keep their products away from untrusted networks as a way to mitigate the risk of exploitation.

Aside from that, using Ribeiro’s own exploit and deleting the handle_import.user.php function may fix the issue, but this is not guaranteed.

“During the disclosure process, even after multiple attempts, they didn’t really seem to understand the vulnerability,” Ribeiro commented.

Advertisement. Scroll to continue reading.

“We explained it to them several times, and they seemed completely clueless. They were quite nice and pleasant to deal with it in terms of manners and how they treated us, but technically clueless.”

The Daily Swig has reached out to NUUO for comment but has not heard back at the time of publication. We will update this article as and when we hear back.

Source: https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-device

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in the Android platform that...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO