THREATOPS
THREAT OPSCVEs › CVE-2022-23227

CVE-2022-23227 — NUUO NVRmini2 Devices Missing Authentication Vulnerability

CISA KEVExploited: confirmedNUUO

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

Vulnerability details