Details of VAR-201908-0512

ID

VAR-201908-0512

CVE

CVE-2019-14705

TITLE

MicroDigital N-series camera Vulnerabilities related to access control in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-007594

DESCRIPTION

An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin. MicroDigital N-series camera There is an access control vulnerability in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MicroDigital N-series cameras is an N-series network camera from South Korean MicroDigital company. MicroDigital N-series cameras have an access control error vulnerability. No detailed vulnerability details are provided at this time. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Trust: 2.25

sources: NVD: CVE-2019-14705 // JVNDB: JVNDB-2019-007594 // CNVD: CNVD-2019-33869 // VULHUB: VHN-146678

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-33869

AFFECTED PRODUCTS

vendor:	microdigital	model:	mdc-n2190v	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	mdc-n4090w	scope:	lte	version:	6400.0.8.5	Trust: 1.8
vendor:	microdigital	model:	n-series cameras	scope:	lte	version:	<=6400.0.8.5	Trust: 0.6

sources: CNVD: CNVD-2019-33869 // JVNDB: JVNDB-2019-007594 // NVD: CVE-2019-14705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14705
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-14705
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-33869
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-458
value:	HIGH
Trust: 0.6
VULHUB:	VHN-146678
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-14705
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-33869
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-146678
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14705
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-33869 // VULHUB: VHN-146678 // JVNDB: JVNDB-2019-007594 // CNNVD: CNNVD-201908-458 // NVD: CVE-2019-14705

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-146678 // JVNDB: JVNDB-2019-007594 // NVD: CVE-2019-14705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-458

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007594

PATCH

title:	Top Page (kr)	url:	http://www.microdigital.co.kr/	Trust: 0.8
title:	Top Page (ru)	url:	https://www.microdigital.ru/	Trust: 0.8

sources: JVNDB: JVNDB-2019-007594

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14705	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-007594	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-458	Trust: 0.7
db:	CNVD	id:	CNVD-2019-33869	Trust: 0.6
db:	VULHUB	id:	VHN-146678	Trust: 0.1

sources: CNVD: CNVD-2019-33869 // VULHUB: VHN-146678 // JVNDB: JVNDB-2019-007594 // CNNVD: CNNVD-201908-458 // NVD: CVE-2019-14705

REFERENCES

url:	https://pastebin.com/psyqqs1g	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14705	Trust: 2.0
url:	http://www.microdigital.co.kr/	Trust: 1.7
url:	https://www.microdigital.ru/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14705	Trust: 0.8

sources: CNVD: CNVD-2019-33869 // VULHUB: VHN-146678 // JVNDB: JVNDB-2019-007594 // CNNVD: CNNVD-201908-458 // NVD: CVE-2019-14705

SOURCES

db:	CNVD	id:	CNVD-2019-33869
db:	VULHUB	id:	VHN-146678
db:	JVNDB	id:	JVNDB-2019-007594
db:	CNNVD	id:	CNNVD-201908-458
db:	NVD	id:	CVE-2019-14705

LAST UPDATE DATE

2024-11-23T22:48:20.369000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-33869	date:	2019-09-30T00:00:00
db:	VULHUB	id:	VHN-146678	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-007594	date:	2019-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201908-458	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2019-14705	date:	2024-11-21T04:27:11.063

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-33869	date:	2019-09-30T00:00:00
db:	VULHUB	id:	VHN-146678	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-007594	date:	2019-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201908-458	date:	2019-08-06T00:00:00
db:	NVD	id:	CVE-2019-14705	date:	2019-08-06T23:15:12.697