NUUO NVRmini 2 Local File Inclusion Scanner

Detects 'Local File Inclusion (LFI)' vulnerability in NUUO NVRmini 2.

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 1 hour
Scan only one: URL
Toolbox: -

NUUO NVRmini 2 is a network video recorder commonly used in surveillance systems by security professionals and organizations that require reliable video management solutions. It is designed to facilitate video recording, management, and analytics, primarily in institutional environments like schools, hospitals, and commercial enterprises. The software allows users to monitor real-time video feeds and recordings from multiple camera sources. It is particularly valued for its stability, ease of integration, and robust feature set, making it a popular choice for security management. Users depend on its capabilities to enhance situational awareness and respond to incidents effectively. Typically deployed in environments where security is imperative, the product serves critical roles in ensuring safety and operational efficiency.

Local File Inclusion (LFI) is a vulnerability that allows an attacker to include files on a server through a web browser. The inclusion vulnerability typically occurs due to insufficient validation of file paths supplied by users. This can lead to unauthorized viewing of sensitive files or execution of local scripts. The vulnerability can be particularly severe, as it may give attackers the ability to execute arbitrary code. Consequently, it poses a significant threat to the integrity of the affected system. When exploited, LFI can compromise confidential data and potentially overrun system resources.

The vulnerability stems from improper validation of file paths within the NUUO NVRmini 2 product, specifically when parsing CSS files. The vulnerable endpoint appears to be 'css_parser.php', which improperly handles input parameters, allowing for file inclusion. The 'css' parameter in the URL path is the vulnerable parameter, which an attacker can manipulate to access unauthorized files. Successful exploitation requires crafted requests that pass malicious input in this parameter to gain access to local files. The vulnerability mostly affects server-side scripts, potentially exposing internal functionality to attackers.

The exploitation of this vulnerability can result in various harmful effects such as unauthorized access to critical system files and application directories, leading to further information disclosure. Malicious individuals could leverage this access to execute arbitrary code, potentially diverting the application’s normal behavior. System integrity and data confidentiality could be severely compromised, leading to service disruptions. Furthermore, unauthorized access and file inclusion can serve as a springboard for more sophisticated attacks, elevating privileges or propagating malware.
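For asset owners reviewing web logs from the device or a reverse proxy in front of it, the following added example (not the scanner's or the vendor's code) flags requests to 'css_parser.php' whose 'css' value is not a plain stylesheet name, including percent-encoded and double-encoded values. The combined log format, the sample lines, and the assumption that legitimate values look like `name.css` are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format); not taken from a real device.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /css_parser.php?css=style.css HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /css_parser.php?css=..%2F..%2Fexample.conf HTTP/1.1" 200 2048
192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /css_parser.php?css=%252e%252e%252fexample.conf HTTP/1.1" 200 2048
192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?css=../x HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate 'css' value is a bare stylesheet file name.
SAFE_NAME_RE = re.compile(r'^[A-Za-z0-9_.-]+\.css$')


def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so double-encoded input is seen in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_css_requests(log_text):
    """Return (client, decoded css value, status) for css_parser.php requests
    whose 'css' value is not a plain stylesheet file name."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/css_parser.php"):
            continue
        # parse_qs decodes once; fully_decode removes any further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("css", []):
            value = fully_decode(raw)
            if ".." in value or not SAFE_NAME_RE.match(value):
                hits.append((client, value, int(status)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_css_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status and an unusually large response size is the one to triage first, since it suggests the request returned file content rather than an error.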
