CVE-2019-14699

Published Aug 6, 2019

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microdigital:mdc-n4090_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D55CED3-7FBF-49DA-8839-238BD0F12694",
            "versionEndIncluding": "6400.0.8.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:microdigital:mdc-n4090:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87113142-90AD-448E-9E5B-D01B95B6EB34"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microdigital:mdc-n4090w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B0AB679-83C7-4A48-B1B6-538E30EE2ADC",
            "versionEndIncluding": "6400.0.8.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:microdigital:mdc-n4090w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AB3AD88D-A959-49BB-895C-01CA2068FBDA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microdigital:mdc-n2190v_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4909796B-CF2B-4CBE-9875-E2C595BC62D9",
            "versionEndIncluding": "6400.0.8.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:microdigital:mdc-n2190v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CDC2E118-00CD-4788-9D52-E0CD9C91F26B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References