CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jan 8, 2025

CVE-2022-23227

High

EPSS 47.0%CISA KEV

NUUO/NVRmini2 Devices

Description

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

EPSS — Exploit Probability

47.0%

Higher than 97.6% of all CVEs

Required Action

https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter＿NVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2022-23227

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 47.0%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Dec 18, 2024

Added to KEV

Dec 18, 2024

Remediation Due

Jan 8, 2025

Affected Product

NUUO

NVRmini2 Devices

View all NUUO CVEs

External Links

NVD (NIST)CVE Details MITRE CVE