CVE-2022-23227 — Actively Exploited: NVRmini2 Devices (NUUO)
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.
| CVE ID | CVE-2022-23227 |
|---|---|
| Vendor | NUUO |
| Product | NVRmini2 Devices |
| Vulnerability name | NUUO NVRmini2 Devices Missing Authentication Vulnerability |
| Date added | 2024-12-18 |
| Remediation due | 2025-01-08 |
| Known ransomware use | Unknown |
| Required action | The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. |
| Description | NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →