Vulnerability CVE-2019-14701


Published: 2019-08-06   Modified: 2019-08-07

Description:
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Microdigital -> Mdc-n2190v firmware 
Microdigital -> Mdc-n4090 firmware 
Microdigital -> Mdc-n4090w firmware 

 References:
http://www.microdigital.co.kr/
https://pastebin.com/PSyqqs1g
https://www.microdigital.ru/

Copyright 2024, cxsecurity.com

 

Back to Top