Could allow the attacker to access and/or modify camera feeds
FOR IMMEDIATE RELEASE / PRURGENT
San Antonio, TX – November 29, 2018 – Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) discovered a previously undisclosed vulnerability in NUUO NVRmini2 Network Video Recorder firmware. NVRmini2 firmware version 3.9.1 and prior is vulnerable to an unauthenticated remote buffer overflow that could potentially be leveraged by an attacker to execute arbitrary code on the system with root privileges. This could allow the attacker to access and/or modify the camera feeds to the NVR and change the configuration or recordings on the NVR.
What You Can Do
Information regarding the security fixes can be obtained through NUUO.
Details of the individual vulnerabilities can be found on the Digital Defense blog.
Tom DeSot, EVP/Chief Information Officer at Digital Defense, said, “NUUO has worked closely with our VRT to ensure a fix is available to organizations utilizing the affected firmware. NUUO’s rapid response to the identification of the issue and collaboration has resulted in a quick resolution.”
Digital Defense Research Methodology and Practices
The Digital Defense VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.
About Digital Defense
Serving clients across numerous industries, Digital Defense’s innovative and leading-edge technology helps organizations safeguard sensitive data and eases the burdens associated with information security. Frontline.Cloud, the original Security SaaS platform, delivers unparalleled accuracy and efficiencies through multiple systems including Frontline Vulnerability Manager (Frontline VM™), Frontline Web Application Scanning (Frontline WAS™), Frontline Active Threat Sweep™ (Frontline ATS™) and Frontline Pen Test™, while SecurED®, the company’s security awareness training, promotes employees’ security-minded behavior. The Digital Defense Frontline suite of products, underpinned by patented technology and complemented with superior service and support, are highly-regarded by industry experts, as illustrated by the company’s designation as 2018 Global Vulnerability Management Customer Value Leadership Award, #10 ranking in Black Book Market Research's list of Compliance & Risk Management Solutions, five-star review in SC Magazine, and inclusion in CRN’s MSP 500.
Contact Digital Defense at 888-273-1412; visit www.digitaldefense.com, our blog, LinkedIn, or follow Digital_Defense on Twitter.