Details of VAR-201908-0505

ID

VAR-201908-0505

CVE

CVE-2019-14698

TITLE

MicroDigital N-series camera Buffer error vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-007510

DESCRIPTION

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account. MicroDigital N-series camera Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MICRODIGITAL N-series cameras is an N-series network camera produced by Korea MICRODIGITAL Company. A buffer error vulnerability exists in the 'param' parameter in MICRODIGITAL N-series cameras using firmware 6400.0.8.5 and earlier. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2019-14698 // JVNDB: JVNDB-2019-007510 // VULHUB: VHN-146670 // VULMON: CVE-2019-14698

AFFECTED PRODUCTS

vendor:	microdigital	model:	mdc-n2190v	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090w	scope:	lte	version:	6400.0.8.5	Trust: 1.8

sources: JVNDB: JVNDB-2019-007510 // NVD: CVE-2019-14698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14698
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-14698
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201908-451
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-146670
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-14698
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-14698
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-146670
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14698
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-146670 // VULMON: CVE-2019-14698 // JVNDB: JVNDB-2019-007510 // CNNVD: CNNVD-201908-451 // NVD: CVE-2019-14698

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-146670 // JVNDB: JVNDB-2019-007510 // NVD: CVE-2019-14698

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-451

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-451

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007510

PATCH

title:	Top Page (kr)	url:	http://www.microdigital.co.kr/	Trust: 0.8
title:	Top Page (ru)	url:	https://www.microdigital.ru/	Trust: 0.8

sources: JVNDB: JVNDB-2019-007510

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14698	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-007510	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-451	Trust: 0.7
db:	VULHUB	id:	VHN-146670	Trust: 0.1
db:	VULMON	id:	CVE-2019-14698	Trust: 0.1

sources: VULHUB: VHN-146670 // VULMON: CVE-2019-14698 // JVNDB: JVNDB-2019-007510 // CNNVD: CNNVD-201908-451 // NVD: CVE-2019-14698

REFERENCES

url:	https://pastebin.com/psyqqs1g	Trust: 2.6
url:	http://www.microdigital.co.kr/	Trust: 1.8
url:	https://www.microdigital.ru/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14698	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14698	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/165079	Trust: 0.1

sources: VULHUB: VHN-146670 // VULMON: CVE-2019-14698 // JVNDB: JVNDB-2019-007510 // CNNVD: CNNVD-201908-451 // NVD: CVE-2019-14698

SOURCES

db:	VULHUB	id:	VHN-146670
db:	VULMON	id:	CVE-2019-14698
db:	JVNDB	id:	JVNDB-2019-007510
db:	CNNVD	id:	CNNVD-201908-451
db:	NVD	id:	CVE-2019-14698

LAST UPDATE DATE

2024-11-23T22:33:48.171000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146670	date:	2019-08-13T00:00:00
db:	VULMON	id:	CVE-2019-14698	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-007510	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-451	date:	2019-08-30T00:00:00
db:	NVD	id:	CVE-2019-14698	date:	2024-11-21T04:27:10.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146670	date:	2019-08-06T00:00:00
db:	VULMON	id:	CVE-2019-14698	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-007510	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-451	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-14698	date:	2019-08-06T23:15:12.133