CVE-2025-1338

HIGH EXPLOITED NUCLEI

NUUO Camera <20250203 - Command Injection

Title source: llm

Exploitation Summary

CVE-2025-1338 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including iSee857, jxcaxtc. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2026-22812, demonstrating remote command execution (RCE) via crafted JSON payloads to an OpenCode session endpoint. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for command output containing 'uid=' and 'gid='.

Description

A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (2)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/Nuuo_CVE-2025-1338_RCE.py

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2026-22812, demonstrating remote command execution (RCE) via crafted JSON payloads to an OpenCode session endpoint. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for command output containing 'uid=' and 'gid='.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (version not specified)

No auth needed

Prerequisites: Network access to target · OpenCode service exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

github WORKING POC 2 stars

by jxcaxtc · pythonremote

https://github.com/jxcaxtc/CVE-2025-1338

View Code ZIP pw:eip

The repository contains a functional Python script that exploits a command injection vulnerability in NUUO Camera's __debugging_center_utils___.php via the 'log' parameter. The script performs batch vulnerability detection with multi-threading and verifies exploitation by checking for 'uid=' and 'gid=' in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NUUO Camera <= 20250203

No auth needed

Prerequisites: Target URL list · Network access to vulnerable NUUO Camera

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

NUUO Camera <=20250203 - OS Command Injection

CRITICALVERIFIEDby Ark

Shodan: http.title:"Network Video Recorder Login"

FOFA: title="Network Video Recorder Login" || body="www.nuuo.com"

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.295954

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.295954

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.493912

Various Sources exploit

https://pan.baidu.com/s/1YW52iM0ehUfFKa_CiTHBjQ?from=init&pwd=kqec

Scores

CVSS v3 7.3

EPSS 0.1249

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2026-04-09

CWE

CWE-74 CWE-77

Status published

Products (1)

NUUO/Camera 20250203

Published Feb 16, 2025

Tracked Since Feb 18, 2026