## https://sploitus.com/exploit?id=193DC0AC-1033-59D3-BF17-BAFB42F8C93C
# CVE-2025-1338
This repository contains a proof-of-concept exploit script for CVE-2025-1338
1.Introduction to NUUO-Camera
NUUO camera is a network video recorder (NVR) produced by NUUO Company in Taiwan Province, China. It is widely used in many fields such as retail, transportation, education, government and banking.
2.Introduction to the vulnerability
NUUO Camera 20250203 and earlier has an injection vulnerability, which originates from command injection in handle_config.php and __debugging_center_utils___.php with parameter log.
โข First inclusion: February 16, 2025
โข Impact version: version<=20250203
โข Exploit number: CVE-2025-1338
3.Use
Example:
python CVE-2025-1338.py -f url.txt -t 100
Parameter description:
- `-f / --file`: Required. Path to the file containing the list of target URLs (one URL per line, supports both http and https).
- `-t / --threads`: Optional. Number of concurrent threads for detection. Default value is 10 (it is recommended not to exceed 200).
- `-o / --output`: Optional. Path to the output file for saving results. Default file name is "nuao_rce_results.txt" (only saves targets with vulnerabilities).
- `-v / --version`: Optional. Displays the help information for the script (same function as --help).