CVE-2019-14704

Published: Aug 6, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.

Affected (3)

Products: Microdigital: Mdc N4090 Firmware, Mdc N4090w Firmware, Mdc N2190v Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microdigital Mdc N4090 Firmware	Up to 6400.0.8.5

Running on/with	Platform Versions
Microdigital Mdc N4090	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microdigital Mdc N4090w Firmware	Up to 6400.0.8.5

Running on/with	Platform Versions
Microdigital Mdc N4090w	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microdigital Mdc N2190v Firmware	Up to 6400.0.8.5

Running on/with	Platform Versions
Microdigital Mdc N2190v	All versions

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

http://www.microdigital.co.kr/

Source: cve@mitre.org

Vendor Advisory

https://pastebin.com/PSyqqs1g

Source: cve@mitre.org

Third Party Advisory

https://www.microdigital.ru/

Source: cve@mitre.org

Vendor Advisory

http://www.microdigital.co.kr/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://pastebin.com/PSyqqs1g

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.microdigital.ru/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.