NUUO CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited NUUO CVE published 2024-12-18

CVE-2022-23227

CVE-2022-23227 is a missing authentication vulnerability affecting NUUO NVRmini2 devices. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-12-18 and set a remediation due date of 2025-01-08. CISA’s note says the impacted product is end-of-life/end-of-service and users should discontinue utilization of the product. That makes retirement or replacement the primary defensive response rath [truncated]

Known exploited NUUO CVE published 2024-12-18

CVE-2018-14933

CVE-2018-14933 is an OS command injection issue affecting NUUO NVRmini devices. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-12-18, which makes it a defensive priority. The CISA entry states the impacted product is end-of-life or end-of-service and advises users to discontinue utilization of the product. The KEV due date is 2025-01-08.