Sign-up

ID

VAR-201908-0510


CVE

CVE-2019-14703


TITLE

MicroDigital N-series cameras Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-33863 // CNNVD: CNNVD-201908-456

DESCRIPTION

A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. MicroDigital N-series camera Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MicroDigital N-series cameras is an N-series network camera from South Korean MicroDigital company. MicroDigital N-series cameras have a cross-site request forgery vulnerability. An attacker could use this vulnerability to send an unexpected request to the server through an affected client. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user

Trust: 2.34

sources: NVD: CVE-2019-14703 // JVNDB: JVNDB-2019-007509 // CNVD: CNVD-2019-33863 // VULHUB: VHN-146676 // VULMON: CVE-2019-14703

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-33863

AFFECTED PRODUCTS

vendor:microdigitalmodel:mdc-n2190vscope:lteversion:6400.0.8.5

Trust: 1.8

vendor:microdigitalmodel:mdc-n4090scope:lteversion:6400.0.8.5

Trust: 1.8

vendor:microdigitalmodel:mdc-n4090wscope:lteversion:6400.0.8.5

Trust: 1.8

vendor:microdigitalmodel:n-series camerasscope:lteversion:<=6400.0.8.5

Trust: 0.6

sources: CNVD: CNVD-2019-33863 // JVNDB: JVNDB-2019-007509 // NVD: CVE-2019-14703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14703
value: HIGH

Trust: 1.0

NVD: CVE-2019-14703
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-33863
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-456
value: HIGH

Trust: 0.6

VULHUB: VHN-146676
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-14703
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14703
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-33863
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-146676
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14703
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-33863 // VULHUB: VHN-146676 // VULMON: CVE-2019-14703 // JVNDB: JVNDB-2019-007509 // CNNVD: CNNVD-201908-456 // NVD: CVE-2019-14703

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-146676 // JVNDB: JVNDB-2019-007509 // NVD: CVE-2019-14703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-456

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201908-456

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007509

PATCH
title:Top Page (kr)url:http://www.microdigital.co.kr/
Trust: 0.8
title:Top Page (ru)url:https://www.microdigital.ru/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-007509

EXTERNAL IDS
db:NVDid:CVE-2019-14703
Trust: 3.2
db:JVNDBid:JVNDB-2019-007509
Trust: 0.8
db:CNNVDid:CNNVD-201908-456
Trust: 0.7
db:CNVDid:CNVD-2019-33863
Trust: 0.6
db:VULHUBid:VHN-146676
Trust: 0.1
db:VULMONid:CVE-2019-14703
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-33863 // 
            
            
            
            VULHUB: VHN-146676 // 
            
            
            
            VULMON: CVE-2019-14703 // 
            
            
            
            JVNDB: JVNDB-2019-007509 // 
            
            
            
            CNNVD: CNNVD-201908-456 // 
            
            
            
            NVD: CVE-2019-14703

REFERENCES
url:https://pastebin.com/psyqqs1g
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-14703
Trust: 2.0
url:http://www.microdigital.co.kr/
Trust: 1.8
url:https://www.microdigital.ru/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14703
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/352.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-33863 // 
            
            
            
            VULHUB: VHN-146676 // 
            
            
            
            VULMON: CVE-2019-14703 // 
            
            
            
            JVNDB: JVNDB-2019-007509 // 
            
            
            
            CNNVD: CNNVD-201908-456 // 
            
            
            
            NVD: CVE-2019-14703

SOURCES
db:CNVDid:CNVD-2019-33863
db:VULHUBid:VHN-146676
db:VULMONid:CVE-2019-14703
db:JVNDBid:JVNDB-2019-007509
db:CNNVDid:CNNVD-201908-456
db:NVDid:CVE-2019-14703

LAST UPDATE DATE
2024-11-23T22:11:56.004000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-33863date:2019-09-30T00:00:00
db:VULHUBid:VHN-146676date:2019-08-13T00:00:00
db:VULMONid:CVE-2019-14703date:2019-08-13T00:00:00
db:JVNDBid:JVNDB-2019-007509date:2019-08-14T00:00:00
db:CNNVDid:CNNVD-201908-456date:2019-08-30T00:00:00
db:NVDid:CVE-2019-14703date:2024-11-21T04:27:10.777

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-33863date:2019-09-30T00:00:00
db:VULHUBid:VHN-146676date:2019-08-06T00:00:00
db:VULMONid:CVE-2019-14703date:2019-08-06T00:00:00
db:JVNDBid:JVNDB-2019-007509date:2019-08-14T00:00:00
db:CNNVDid:CNNVD-201908-456date:2019-08-06T00:00:00
db:NVDid:CVE-2019-14703date:2019-08-06T23:15:12.557