What is CVE-2024-2995?

CVE-2024-2995 is a medium-severity vulnerability in Nuuo Camera, classified under Improper Resource Shutdown or Release. CVSS score: 5.4/10. Published 2024-03-27.

How severe is CVE-2024-2995?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Is CVE-2024-2995 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Nuuo Camera

CVE-2024-2995

A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack…

EPSS: 0.006 (43.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Nuuo Camera — versions 20240319

Weakness classification (CWE)

CWE-404 — Improper Resource Shutdown or Release

Public proof-of-concept exploits

References

VDB-258197 | NUUO Camera deletefile.php denial of service (vdb-entry, technical-description)
VDB-258197 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #301068 | NUUO Network Video Recorder Network Video Recorder Arbitrary file deletion (third-party-advisory)
h0e4a0r1t.github.io/2024/vulns/Arbitrary file deletion vulnerability exists in… (exploit)

Frequently asked questions

What is CVE-2024-2995?: CVE-2024-2995 is a medium-severity vulnerability in Nuuo Camera, classified under Improper Resource Shutdown or Release. CVSS score: 5.4/10. Published 2024-03-27.
How severe is CVE-2024-2995?: Medium severity. CVSS v3 base score is 5.4 out of 10.
Is CVE-2024-2995 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.