November 20, 2018
The NCCIC has updated this advisory with additional information on the technical details of the vulnerability. NCCIC/ICS-CERT.
October 11, 2018
The NCCIC has released an advisory on use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical resource, and use of hard-coded credentials vulnerabilities in NUUO CMS. Versions 3.1 and prior are affected. Successful exploitation of theses vulnerabilities could result in arbitrary remote code execution. NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.