CVE-2019-9653

CRITICAL

NUUO Network Video Recorder <3.3.x - RCE

Title source: llm

Description

NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.

Exploits (1)

nomisec WRITEUP

by grayoneday · poc

https://github.com/grayoneday/CVE-2019-9653

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/grayoneday/CVE-2019-9653

[Third Party Advisory] https://www.nccst.nat.gov.tw/NewsRSS?lang=en&RSSType=mssecurity

[Product, Vendor Advisory] https://www.nuuo.com/DownloadMainpage.php

Scores

CVSS v3 9.8

EPSS 0.6925

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

nuuo/network_video_recorder_firmware 1.7.0 - 3.3.0

Published May 31, 2019

Tracked Since Feb 18, 2026