An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
References
Link | Resource |
---|---|
http://www.microdigital.co.kr/ | Vendor Advisory |
https://pastebin.com/PSyqqs1g | Third Party Advisory |
https://www.microdigital.ru/ | Vendor Advisory |
http://www.microdigital.co.kr/ | Vendor Advisory |
https://pastebin.com/PSyqqs1g | Third Party Advisory |
https://www.microdigital.ru/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 04:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.microdigital.co.kr/ - Vendor Advisory | |
References | () https://pastebin.com/PSyqqs1g - Third Party Advisory | |
References | () https://www.microdigital.ru/ - Vendor Advisory |
Information
Published : 2019-08-06 23:15
Updated : 2024-11-21 04:27
NVD link : CVE-2019-14699
Mitre link : CVE-2019-14699
CVE.ORG link : CVE-2019-14699
JSON object : View
Products Affected
microdigital
- mdc-n4090w
- mdc-n4090
- mdc-n2190v
- mdc-n4090w_firmware
- mdc-n4090_firmware
- mdc-n2190v_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')