Mdc N4090 Firmware
CVE-2019-14700
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists.
AnalysisAI
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists. Affected products include: Microdigital Mdc-N4090 Firmware, Microdigital Mdc-N4090W Firmware, Microdigital Mdc-N2190V Firmware. Version information: through 6400.0.8.5..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Mdc N4090 Firmware
View allA cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmwar
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.2
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 becau
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today