Details of VAR-201908-0506

ID

VAR-201908-0506

CVE

CVE-2019-14699

TITLE

MicroDigital N-series camera In the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007511

DESCRIPTION

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server. MicroDigital N-series camera The firmware of OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MicroDigital N-series cameras is an N-series network camera from South Korean MicroDigital company. MicroDigital N-series cameras have an operating system command injection vulnerability. An attacker could use this vulnerability to execute illegal operating system commands. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data

Trust: 2.25

sources: NVD: CVE-2019-14699 // JVNDB: JVNDB-2019-007511 // CNVD: CNVD-2019-33860 // VULHUB: VHN-146671

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-33860

AFFECTED PRODUCTS

vendor:	microdigital	model:	mdc-n2190v	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090w	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	n-series cameras	scope:	lte	version:	<=6400.0.8.5	Trust: 0.6

sources: CNVD: CNVD-2019-33860 // JVNDB: JVNDB-2019-007511 // NVD: CVE-2019-14699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14699
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-14699
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-33860
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201908-452
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-146671
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-14699
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-33860
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-146671
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14699
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-33860 // VULHUB: VHN-146671 // JVNDB: JVNDB-2019-007511 // CNNVD: CNNVD-201908-452 // NVD: CVE-2019-14699

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-146671 // JVNDB: JVNDB-2019-007511 // NVD: CVE-2019-14699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-452

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201908-452

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007511

PATCH

title:	Top Page (kr)	url:	http://www.microdigital.co.kr/	Trust: 0.8
title:	Top Page (ru)	url:	https://www.microdigital.ru/	Trust: 0.8

sources: JVNDB: JVNDB-2019-007511

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14699	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-007511	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-452	Trust: 0.7
db:	CNVD	id:	CNVD-2019-33860	Trust: 0.6
db:	VULHUB	id:	VHN-146671	Trust: 0.1

sources: CNVD: CNVD-2019-33860 // VULHUB: VHN-146671 // JVNDB: JVNDB-2019-007511 // CNNVD: CNNVD-201908-452 // NVD: CVE-2019-14699

REFERENCES

url:	https://pastebin.com/psyqqs1g	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14699	Trust: 2.0
url:	http://www.microdigital.co.kr/	Trust: 1.7
url:	https://www.microdigital.ru/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14699	Trust: 0.8

sources: CNVD: CNVD-2019-33860 // VULHUB: VHN-146671 // JVNDB: JVNDB-2019-007511 // CNNVD: CNNVD-201908-452 // NVD: CVE-2019-14699

SOURCES

db:	CNVD	id:	CNVD-2019-33860
db:	VULHUB	id:	VHN-146671
db:	JVNDB	id:	JVNDB-2019-007511
db:	CNNVD	id:	CNNVD-201908-452
db:	NVD	id:	CVE-2019-14699

LAST UPDATE DATE

2024-11-23T22:44:55.831000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-33860	date:	2019-09-30T00:00:00
db:	VULHUB	id:	VHN-146671	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-007511	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-452	date:	2019-08-30T00:00:00
db:	NVD	id:	CVE-2019-14699	date:	2024-11-21T04:27:10.190

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-33860	date:	2019-09-30T00:00:00
db:	VULHUB	id:	VHN-146671	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-007511	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-452	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-14699	date:	2019-08-06T23:15:12.227