Mdc N4090 Firmware
CVE-2019-14705
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin.
AnalysisAI
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin. Affected products include: Microdigital Mdc-N4090 Firmware, Microdigital Mdc-N4090W Firmware, Microdigital Mdc-N2190V Firmware. Version information: through 6400.0.8.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Mdc N4090 Firmware
View allA cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated critical severity (CVSS
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmwar
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rat
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.5
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. Rated high severity (CVSS 7.2
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today