CVE-2019-14699

{"id": "CVE-2019-14699", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-08-06T23:15:12.227", "references": [{"url": "http://www.microdigital.co.kr/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://pastebin.com/PSyqqs1g", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.microdigital.ru/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server."}, {"lang": "es", "value": "Se detect\u00f3 un problema en las c\u00e1maras N-series de MicroDigital con versi\u00f3n de firmware hasta 6400.0.8.5, Un atacante puede explotar una Inyecci\u00f3n de Comandos de SO en el par\u00e1metro filename para la ejecuci\u00f3n de c\u00f3digo remota como root. Esto ocurre en el archivo ejecutable Mainproc, que puede ser ejecutado desde el servidor web HTTPD."}], "lastModified": "2019-08-13T18:42:54.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microdigital:mdc-n4090_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D55CED3-7FBF-49DA-8839-238BD0F12694", "versionEndIncluding": "6400.0.8.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microdigital:mdc-n4090:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87113142-90AD-448E-9E5B-D01B95B6EB34"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microdigital:mdc-n4090w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B0AB679-83C7-4A48-B1B6-538E30EE2ADC", "versionEndIncluding": "6400.0.8.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microdigital:mdc-n4090w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB3AD88D-A959-49BB-895C-01CA2068FBDA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microdigital:mdc-n2190v_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4909796B-CF2B-4CBE-9875-E2C595BC62D9", "versionEndIncluding": "6400.0.8.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microdigital:mdc-n2190v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDC2E118-00CD-4788-9D52-E0CD9C91F26B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}