Mdc N4090 Firmware
CVE-2019-14701
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.
AnalysisAI
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random. Affected products include: Microdigital Mdc-N4090 Firmware, Microdigital Mdc-N4090W Firmware, Microdigital Mdc-N2190V Firmware. Version information: through 6400.0.8.5..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Mdc N4090 Firmware
View allA cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmwar
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.2
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 becau
Same weakness CWE-22 – Path Traversal
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today