Critical Peekaboo Vulnerability Gives Attackers Access to CCTV Cameras



Tenable Research disclosed a pair of vulnerabilities in NUUO's Video Recorder Software which allow attackers to execute code remotely in NUUO-based IoT video surveillance systems, giving access to video feeds and recordings.

The remote code execution vulnerability has been named Peekaboo, hinting at some of the possible uses hackers could give it after compromising NUUO video surveillance IoT networks.

The first vulnerability of the pair found by Tenable Research in NUUO’s Network Video Recorder software is a critical unauthenticated stack buffer overflow, while the second one consists of a backdoor in leftover debug code.

Both vulnerabilities were evaluated and tested in the NVRMini2, NUUO's lightweight and portable NVR device with NAS functionality, and they are considered highly critical given that they can provide attackers.

No comments:

Post a Comment