The web interface contains a number of critical vulnerabilities that can be abused by unauthenticated attackers. These consist of monitoring backdoors left in the PHP files that are supposed to be used by NUUO’s engineers, hardcoded credentials, poorly sanitised input and a buffer overflow which can be abused to achieve code execution on NUUO’s devices as root, and on NETGEAR as the admin user.

Source: Full Disclosure: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

That’s a disaster! And the manufacturers are not responding!