News
News & events
Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network Video Recorder
2018-09-19

Tenable Research has discovered a critical vulnerability named Peekaboo permitting remote code execution in IoT network video recorders for video surveillance systems that would allow attackers to remotely view feeds and tamper with recordings. On September 19, NUUO released version 3.9.1 to address the Peekaboo vulnerability. Affected users are urged to update their NVRMini2 devices as soon as possible. 


Tenable Research discovered two vulnerabilities in NUUO’s Network Video Recorder software. The first is a critical unauthenticated stack buffer overflow and the second is a backdoor in leftover debug code. These vulnerabilities were assessed and tested in the NVRMini2, a network-attached storage device and network video recorder.