NUUO, a Taiwan-based provider of video surveillance hardware and software that OEMs to more than 100 partners, has released a patch after Tenable Research found vulnerabilities in NVR software used in the NUUO NVRMini2 that might allow unauthorised viewing of remote video streams.
According to Tenable Research, its team found 2 vulnerabilities – the first was an unauthenticated stack buffer overflow, and the second was a backdoor in leftover debug code.
“Once exploited, Peekaboo gives cyber criminals access to the control management system (CMS), exposing the credentials for all connected CCTV cameras,” said Tenable researchers.
“Using root access on the NVRMini2 device, cyber criminals could disconnect the live feeds and tamper with security footage. For example, they could replace the live feed with a static image of the surveilled area, allowing criminals to enter the premises undetected by the cameras.”
Most video surveillance manufacturers have experienced issues with code vulnerabilities over the last 3-4 years.
You can download the patch here.