Vulnerability CVE-2019-14699
Published: 2019-08-06   Modified: 2019-08-07

Description:
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microdigital -> Mdc-n2190v firmware 
Microdigital -> Mdc-n4090 firmware 
Microdigital -> Mdc-n4090w firmware 

 References:
http://www.microdigital.co.kr/
https://pastebin.com/PSyqqs1g
https://www.microdigital.ru/
Copyright 2024, cxsecurity.com

 

Back to Top