← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-23227 — Actively Exploited: NVRmini2 Devices (NUUO)

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

CVE IDCVE-2022-23227
VendorNUUO
ProductNVRmini2 Devices
Vulnerability nameNUUO NVRmini2 Devices Missing Authentication Vulnerability
Date added2024-12-18
Remediation due2025-01-08
Known ransomware useUnknown
Required actionThe impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
DescriptionNUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →