An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists.
References
Link | Resource |
---|---|
http://www.microdigital.co.kr/ | Vendor Advisory |
https://pastebin.com/PSyqqs1g | Third Party Advisory |
https://www.microdigital.ru/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-06T22:26:35
Updated: 2019-08-06T22:26:35
Reserved: 2019-08-06T00:00:00
Link: CVE-2019-14700
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-06T23:15:12.290
Modified: 2019-08-13T18:43:26.383
Link: CVE-2019-14700
JSON object: View
Redhat Information
No data.
CWE