An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
References
Link | Resource |
---|---|
http://www.microdigital.co.kr/ | Vendor Advisory |
https://pastebin.com/PSyqqs1g | Third Party Advisory |
https://www.microdigital.ru/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-06T22:26:55
Updated: 2019-08-06T22:26:55
Reserved: 2019-08-06T00:00:00
Link: CVE-2019-14699
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-06T23:15:12.227
Modified: 2019-08-13T18:42:54.727
Link: CVE-2019-14699
JSON object: View
Redhat Information
No data.
CWE