Details of VAR-201908-0508

ID

VAR-201908-0508

CVE

CVE-2019-14701

TITLE

MicroDigital N-series camera Path traversal vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-007507

DESCRIPTION

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random. MicroDigital N-series camera Contains a path traversal vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MICRODIGITAL N-series cameras is an N-series network camera produced by Korea MICRODIGITAL Company. A path traversal vulnerability exists in the 'TZ' parameter in MICRODIGITA N-series cameras using firmware 6400.0.8.5 and earlier. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories

Trust: 1.8

sources: NVD: CVE-2019-14701 // JVNDB: JVNDB-2019-007507 // VULHUB: VHN-146674 // VULMON: CVE-2019-14701

AFFECTED PRODUCTS

vendor:	microdigital	model:	mdc-n2190v	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090w	scope:	lte	version:	6400.0.8.5	Trust: 1.8

sources: JVNDB: JVNDB-2019-007507 // NVD: CVE-2019-14701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14701
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-14701
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-454
value:	HIGH
Trust: 0.6
VULHUB:	VHN-146674
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-14701
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-14701
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-146674
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14701
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-146674 // VULMON: CVE-2019-14701 // JVNDB: JVNDB-2019-007507 // CNNVD: CNNVD-201908-454 // NVD: CVE-2019-14701

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-146674 // JVNDB: JVNDB-2019-007507 // NVD: CVE-2019-14701

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-454

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201908-454

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007507

PATCH

title:	Top Page (kr)	url:	http://www.microdigital.co.kr/	Trust: 0.8
title:	Top Page (ru)	url:	https://www.microdigital.ru/	Trust: 0.8

sources: JVNDB: JVNDB-2019-007507

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14701	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-007507	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-454	Trust: 0.7
db:	VULHUB	id:	VHN-146674	Trust: 0.1
db:	VULMON	id:	CVE-2019-14701	Trust: 0.1

sources: VULHUB: VHN-146674 // VULMON: CVE-2019-14701 // JVNDB: JVNDB-2019-007507 // CNNVD: CNNVD-201908-454 // NVD: CVE-2019-14701

REFERENCES

url:	https://pastebin.com/psyqqs1g	Trust: 2.6
url:	http://www.microdigital.co.kr/	Trust: 1.8
url:	https://www.microdigital.ru/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14701	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14701	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-146674 // VULMON: CVE-2019-14701 // JVNDB: JVNDB-2019-007507 // CNNVD: CNNVD-201908-454 // NVD: CVE-2019-14701

SOURCES

db:	VULHUB	id:	VHN-146674
db:	VULMON	id:	CVE-2019-14701
db:	JVNDB	id:	JVNDB-2019-007507
db:	CNNVD	id:	CNNVD-201908-454
db:	NVD	id:	CVE-2019-14701

LAST UPDATE DATE

2024-11-23T22:16:55.624000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146674	date:	2019-08-13T00:00:00
db:	VULMON	id:	CVE-2019-14701	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-007507	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-454	date:	2019-08-30T00:00:00
db:	NVD	id:	CVE-2019-14701	date:	2024-11-21T04:27:10.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146674	date:	2019-08-06T00:00:00
db:	VULMON	id:	CVE-2019-14701	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-007507	date:	2019-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201908-454	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-14701	date:	2019-08-06T23:15:12.367