← Advisories

NUUO CSRF Add Admin Exploit

Medium
Advisory ID
ZSL-2016-5349
Release Date
06 August 2016
Vendor
NUUO Inc. - http://www.nuuo.com
Affected Version
<=3.0.8 (NE-4160, NT-4040)
CVE
N/A
Tested On
GNU/Linux 3.0.8 (armv7l), GNU/Linux 2.6.31.8 (armv5tel), lighttpd/1.4.28, PHP/5.5.3
Summary

NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipped as a NAS, so you can enjoy the full storage benefits like easy hard drive hot-swapping and RAID functions for data protection. Choose NVR and know that your valuable video data is safe, always.

Description

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept
nuuo_csrf.htmlTXT
Disclosure Timeline
14.01.2016Vulnerability discovered.
01.02.2016Vendor contacted.
02.02.2016Vendor responds asking explanation.
03.02.2016Explained to vendor about the issues and risk.
04.02.2016Vendor ignores with confusion.
10.02.2016Sent another e-mail probe to several accounts for respond.
16.02.2016No response from the vendor.
16.04.2016Final try to get communication from the vendor and report issues.
05.08.2016No response from the vendor.
06.08.2016Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://www.exploit-db.com/exploits/40210/
[2]https://cxsecurity.com/issue/WLB-2016080069
[3]https://packetstormsecurity.com/files/138221
Changelog
06.08.2016Initial release
09.06.2016Added reference [1], [2] and [3]