CVE-2019-14699
high-risk
Published 2019-08-06
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
Do I need to act?
~
8.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (3)
Mdc-N4090 Firmware
Mdc-N4090W Firmware
Mdc-N2190V Firmware
Affected Vendors
References (6)
Vendor Advisory
http://www.microdigital.co.kr/
Third Party Advisory
https://pastebin.com/PSyqqs1g
Vendor Advisory
https://www.microdigital.ru/
Vendor Advisory
http://www.microdigital.co.kr/
Third Party Advisory
https://pastebin.com/PSyqqs1g
Vendor Advisory
https://www.microdigital.ru/
51
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
10/34 · Low
Exposure
9/34 · Low