Tenable Research, a Cyber Exposure Company, has discovered vulnerabilities, including a zero-day vulnerability, in NUUO NVRMini2 video software. The zero-day vulnerability, called Peecaboo, would allow unauthorized users to remotely view and tamper video footages by exploiting a remote code execution in the NUUO software. For example, cybercriminals could replace the live video with a static footage of the surveilled area to conceive security personnel.
NUUO is one of the leading video surveillance solution providers. The vulnerability could potentially affect more than 100 brands and 2500 camera models. NUUO has been working on a patch for the Peecaboo, but the release date is still unknown.
A bigger concern is that many users will be unaware of the vulnerability because many other vendors also adopt the NUUO software and integrate it into their products. NUUO has released a plugin to help users assess the vulnerability.
https://www.scmagazine.com/home/news/zero-day-found-in-nuuo-video-software-allowing-camera-takeover/
Leave a Reply
You must be logged in to post a comment.