vulnerability

NUUO NVRmini: CVE-2018-14933: Remote Command Execution (RCE)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Aug 4, 2018	Jul 3, 2025	Jul 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 4, 2018

Added

Jul 3, 2025

Modified

Jul 3, 2025

Description

NUUO NVRmini is vulnerable to unauthenticated remote command execution through the upgrade_handle.php file. The vulnerability allows an attacker to execute arbitrary commands by manipulating the uploaddir parameter.

Solution

nuuo-nvrmini-upgrade-latest

References

CVE-2018-14933
https://attackerkb.com/topics/CVE-2018-14933
https://www.exploit-db.com/exploits/45070
https://www.cve.org/CVERecord?id=CVE-2018-14933
https://nvd.nist.gov/vuln/detail/CVE-2018-14933
CWE-78

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report