CVE-2019-14699

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
References
Link Resource
http://www.microdigital.co.kr/ Vendor Advisory
https://pastebin.com/PSyqqs1g Third Party Advisory
https://www.microdigital.ru/ Vendor Advisory
http://www.microdigital.co.kr/ Vendor Advisory
https://pastebin.com/PSyqqs1g Third Party Advisory
https://www.microdigital.ru/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microdigital:mdc-n4090_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n4090:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:microdigital:mdc-n4090w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n4090w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:microdigital:mdc-n2190v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n2190v:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:27

Type Values Removed Values Added
References () http://www.microdigital.co.kr/ - Vendor Advisory () http://www.microdigital.co.kr/ - Vendor Advisory
References () https://pastebin.com/PSyqqs1g - Third Party Advisory () https://pastebin.com/PSyqqs1g - Third Party Advisory
References () https://www.microdigital.ru/ - Vendor Advisory () https://www.microdigital.ru/ - Vendor Advisory

Information

Published : 2019-08-06 23:15

Updated : 2024-11-21 04:27


NVD link : CVE-2019-14699

Mitre link : CVE-2019-14699

CVE.ORG link : CVE-2019-14699


JSON object : View

Products Affected

microdigital

  • mdc-n4090w
  • mdc-n4090
  • mdc-n2190v
  • mdc-n4090w_firmware
  • mdc-n4090_firmware
  • mdc-n2190v_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')