The NUUO NVRmini 2 is a small and portable NVR having NAS capabilities. A file disclosure vulnerability exists in NUUO NVRmini, NVRmini2, Crystal, and NVRSolo. when input passes through the ‘css’ parameter to ‘css_parser.php’ script is not appropriately verified before being used to include files. This can be used to reveal the contents of files stored on local resources.
In order to patch this vulnerability, Update NUUO NVRmini 2 to latest version.