NUUO offers closed-circuit television (CCTV), surveillance and video software and hardware. NUUO software and devices are commonly used for web-based video monitoring and surveillance in industries such as retail, transportation, education, government and banking. The vulnerable device, NVRMini2, is a network-attached storage device and network video recorder. Multiple camera feeds can be viewed and recorded simultaneously.

The remote code execution vulnerability especially is of particular concern. Once exploited, Peekaboo gives cyber criminals access to the control management system (CMS), exposing the credentials for all connected CCTV cameras. Using root access on the NVRMini2 device, cyber criminals could disconnect the live feeds and tamper with security footage. For example, they could replace the live feed with a static image of the surveilled area, allowing criminals to enter the premises undetected by the cameras.

nuuo ip camera software 20

Threat actors are currently actively targeting other CCTV NVRs and cameras, such as the Mirai and GafGyt malware families, which are commonly being used to compromise IoT devices. In addition, NUUO NVR devices were also specifically targeted by the Reaper IoT botnet, as we reported last year. 2ff7e9595c