CVE-2018-19864

CRITICAL

NUUO NVRmini2 Firmware <= 3.9.1 - Remote Code Execution via Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19864. PoCs published by @0x00string.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in NUUO NVRMini2 3.9.1 via the 'sscanf' function. It crafts a malicious HTTP GET request with a long padding string and specific memory addresses to achieve remote code execution.

Description

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.

Exploits (1)

exploitdb WORKING POC
by @0x00string · pythonremotehardware
https://www.exploit-db.com/exploits/46960

This exploit targets a stack overflow vulnerability in NUUO NVRMini2 3.9.1 via the 'sscanf' function. It crafts a malicious HTTP GET request with a long padding string and specific memory addresses to achieve remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NUUO NVRMini2 3.9.1 and prior
No auth needed
Prerequisites: Network access to the target device · Target device running vulnerable NUUO NVRMini2 software
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.nuuo.com/DownloadMainpage.php

Scores

CVSS v3 9.8
EPSS 0.2481
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-20
Status published
Products (1)
nuuo/nvrmini2_firmware < 3.9.1
Published Dec 05, 2018
Tracked Since Feb 18, 2026