Mdc N4090 Firmware
CVE-2019-14703
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account.
AnalysisAI
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account. Affected products include: Microdigital Mdc-N4090 Firmware, Microdigital Mdc-N4090W Firmware, Microdigital Mdc-N2190V Firmware. Version information: through 6400.0.8.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
More in Mdc N4090 Firmware
View allA cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.2
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 becau
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today