CVE-2019-9653

CRITICAL

NUUO Network Video Recorder <3.3.x - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-9653. PoCs published by grayoneday.

AI-analyzed exploit summary This repository contains a writeup for CVE-2019-9653, detailing an unauthenticated remote code execution vulnerability in NUUO NVR systems due to lack of input validation in PHP scripts. The vulnerability affects firmware versions 1.7.x to 3.3.x and allows command execution as root.

Description

NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.

Exploits (1)

nomisec WRITEUP
by grayoneday · poc
https://github.com/grayoneday/CVE-2019-9653

This repository contains a writeup for CVE-2019-9653, detailing an unauthenticated remote code execution vulnerability in NUUO NVR systems due to lack of input validation in PHP scripts. The vulnerability affects firmware versions 1.7.x to 3.3.x and allows command execution as root.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: NUUO NVR firmware versions 1.7.x to 3.3.x
No auth needed
Prerequisites: Network access to the vulnerable NUUO NVR web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www.nuuo.com/DownloadMainpage.php
Exploit, Third Party Advisory x_refsource_misc
https://github.com/grayoneday/CVE-2019-9653

Scores

CVSS v3 9.8
EPSS 0.1149
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
nuuo/network_video_recorder_firmware 1.7.0 - 3.3.0
Published May 31, 2019
Tracked Since Feb 18, 2026