CVE-2019-14701 (GCVE-0-2019-14701)
Vulnerability from cvelistv5 – Published: 2019-08-06 22:26 – Updated: 2024-08-05 00:26
VLAI
EPSS
VEX
Summary
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.microdigital.ru/ | x_refsource_MISC |
| http://www.microdigital.co.kr/ | x_refsource_MISC |
| https://pastebin.com/PSyqqs1g | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:38.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microdigital.ru/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.microdigital.co.kr/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/PSyqqs1g"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T22:26:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microdigital.ru/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.microdigital.co.kr/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/PSyqqs1g"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microdigital.ru/",
"refsource": "MISC",
"url": "https://www.microdigital.ru/"
},
{
"name": "http://www.microdigital.co.kr/",
"refsource": "MISC",
"url": "http://www.microdigital.co.kr/"
},
{
"name": "https://pastebin.com/PSyqqs1g",
"refsource": "MISC",
"url": "https://pastebin.com/PSyqqs1g"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14701",
"datePublished": "2019-08-06T22:26:19.000Z",
"dateReserved": "2019-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:38.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-14701",
"date": "2026-07-17",
"epss": "0.02254",
"percentile": "0.80966"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-14701\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-08-06T23:15:12.367\",\"lastModified\":\"2024-11-21T04:27:10.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en las c\u00e1maras N-series de MicroDigital con versi\u00f3n de firmware hasta 6400.0.8.5. Un atacante puede desencadenar operaciones de lectura sobre un archivo arbitrario mediante un Salto de Ruta (Path) en el par\u00e1metro TZ, pero no se pueden recuperar los datos que se leen. Esto causa una denegaci\u00f3n de servicio si el nombre de archivo es, por ejemplo, /dev/random.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microdigital:mdc-n4090_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6400.0.8.5\",\"matchCriteriaId\":\"2D55CED3-7FBF-49DA-8839-238BD0F12694\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microdigital:mdc-n4090:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87113142-90AD-448E-9E5B-D01B95B6EB34\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microdigital:mdc-n4090w_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6400.0.8.5\",\"matchCriteriaId\":\"2B0AB679-83C7-4A48-B1B6-538E30EE2ADC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microdigital:mdc-n4090w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB3AD88D-A959-49BB-895C-01CA2068FBDA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microdigital:mdc-n2190v_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6400.0.8.5\",\"matchCriteriaId\":\"4909796B-CF2B-4CBE-9875-E2C595BC62D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microdigital:mdc-n2190v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDC2E118-00CD-4788-9D52-E0CD9C91F26B\"}]}]}],\"references\":[{\"url\":\"http://www.microdigital.co.kr/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pastebin.com/PSyqqs1g\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.microdigital.ru/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.microdigital.co.kr/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pastebin.com/PSyqqs1g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.microdigital.ru/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…