CVE-2019-14706 (GCVE-0-2019-14706)
Vulnerability from cvelistv5 – Published: 2019-08-06 22:23 – Updated: 2024-08-05 00:26
VLAI
EPSS
VEX
Summary
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.microdigital.ru/ | x_refsource_MISC |
| http://www.microdigital.co.kr/ | x_refsource_MISC |
| https://pastebin.com/PSyqqs1g | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microdigital.ru/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.microdigital.co.kr/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/PSyqqs1g"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T22:23:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microdigital.ru/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.microdigital.co.kr/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/PSyqqs1g"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microdigital.ru/",
"refsource": "MISC",
"url": "https://www.microdigital.ru/"
},
{
"name": "http://www.microdigital.co.kr/",
"refsource": "MISC",
"url": "http://www.microdigital.co.kr/"
},
{
"name": "https://pastebin.com/PSyqqs1g",
"refsource": "MISC",
"url": "https://pastebin.com/PSyqqs1g"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14706",
"datePublished": "2019-08-06T22:23:55.000Z",
"dateReserved": "2019-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-14706",
"date": "2026-07-16",
"epss": "0.02087",
"percentile": "0.79466"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-14706\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-08-06T23:15:12.757\",\"lastModified\":\"2024-11-21T04:27:11.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema de denegaci\u00f3n de servicio en HTTPD en las c\u00e1maras N-series de MicroDigital con versi\u00f3n de firmware hasta 6400.0.8.5. Un atacante sin autorizaci\u00f3n puede cargar un archivo en upload.php con un nombre de archivo m\u00e1s largo que 256 bytes. Esto ser\u00e1 puesto en el \u00e1rea de descarga. No se eliminar\u00e1 debido a un desbordamiento del b\u00fafer en una cadena de comando Bash.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microdigital:mdc-n4090_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6400.0.8.5\",\"matchCriteriaId\":\"2D55CED3-7FBF-49DA-8839-238BD0F12694\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microdigital:mdc-n4090:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87113142-90AD-448E-9E5B-D01B95B6EB34\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microdigital:mdc-n4090w_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6400.0.8.5\",\"matchCriteriaId\":\"2B0AB679-83C7-4A48-B1B6-538E30EE2ADC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microdigital:mdc-n4090w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3AD88D-A959-49BB-895C-01CA2068FBDA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microdigital:mdc-n2190v_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6400.0.8.5\",\"matchCriteriaId\":\"4909796B-CF2B-4CBE-9875-E2C595BC62D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microdigital:mdc-n2190v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDC2E118-00CD-4788-9D52-E0CD9C91F26B\"}]}]}],\"references\":[{\"url\":\"http://www.microdigital.co.kr/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pastebin.com/PSyqqs1g\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.microdigital.ru/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.microdigital.co.kr/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pastebin.com/PSyqqs1g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.microdigital.ru/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…