Details of VAR-201908-0507

ID

VAR-201908-0507

CVE

CVE-2019-14700

TITLE

MicroDigital N-series camera Path traversal vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-007512

DESCRIPTION

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists. MicroDigital N-series camera Contains a path traversal vulnerability.Information may be obtained. MicroDigital N-series cameras is an N-series network camera from South Korean MicroDigital company. An attacker could use this vulnerability to access locations outside the restricted directory. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths

Trust: 2.25

sources: NVD: CVE-2019-14700 // JVNDB: JVNDB-2019-007512 // CNVD: CNVD-2019-33865 // VULHUB: VHN-146673

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-33865

AFFECTED PRODUCTS

vendor:	microdigital	model:	mdc-n2190v	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090w	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	n-series cameras	scope:	lte	version:	<=6400.0.8.5	Trust: 0.6

sources: CNVD: CNVD-2019-33865 // JVNDB: JVNDB-2019-007512 // NVD: CVE-2019-14700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14700
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-14700
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-33865
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-453
value:	HIGH
Trust: 0.6
VULHUB:	VHN-146673
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-14700
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-33865
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-146673
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14700
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-33865 // VULHUB: VHN-146673 // JVNDB: JVNDB-2019-007512 // CNNVD: CNNVD-201908-453 // NVD: CVE-2019-14700

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-146673 // JVNDB: JVNDB-2019-007512 // NVD: CVE-2019-14700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-453

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201908-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007512

PATCH

title:	Top Page (kr)	url:	http://www.microdigital.co.kr/	Trust: 0.8
title:	Top Page (ru)	url:	https://www.microdigital.ru/	Trust: 0.8

sources: JVNDB: JVNDB-2019-007512

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14700	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-007512	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-453	Trust: 0.7
db:	CNVD	id:	CNVD-2019-33865	Trust: 0.6
db:	VULHUB	id:	VHN-146673	Trust: 0.1

sources: CNVD: CNVD-2019-33865 // VULHUB: VHN-146673 // JVNDB: JVNDB-2019-007512 // CNNVD: CNNVD-201908-453 // NVD: CVE-2019-14700

REFERENCES

url:	https://pastebin.com/psyqqs1g	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14700	Trust: 2.0
url:	http://www.microdigital.co.kr/	Trust: 1.7
url:	https://www.microdigital.ru/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14700	Trust: 0.8

sources: CNVD: CNVD-2019-33865 // VULHUB: VHN-146673 // JVNDB: JVNDB-2019-007512 // CNNVD: CNNVD-201908-453 // NVD: CVE-2019-14700

SOURCES

db:	CNVD	id:	CNVD-2019-33865
db:	VULHUB	id:	VHN-146673
db:	JVNDB	id:	JVNDB-2019-007512
db:	CNNVD	id:	CNNVD-201908-453
db:	NVD	id:	CVE-2019-14700

LAST UPDATE DATE

2024-11-23T22:58:37.045000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-33865	date:	2019-09-30T00:00:00
db:	VULHUB	id:	VHN-146673	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-007512	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-453	date:	2019-08-30T00:00:00
db:	NVD	id:	CVE-2019-14700	date:	2024-11-21T04:27:10.347

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-33865	date:	2019-09-30T00:00:00
db:	VULHUB	id:	VHN-146673	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-007512	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-453	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-14700	date:	2019-08-06T23:15:12.290