CVE-2019-14702

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.
References
Link Resource
http://www.microdigital.co.kr/ Vendor Advisory
https://pastebin.com/PSyqqs1g Third Party Advisory
https://www.microdigital.ru/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microdigital:mdc-n4090_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n4090:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:microdigital:mdc-n4090w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n4090w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:microdigital:mdc-n2190v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n2190v:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-06 23:15

Updated : 2024-02-04 20:20


NVD link : CVE-2019-14702

Mitre link : CVE-2019-14702

CVE.ORG link : CVE-2019-14702


JSON object : View

Products Affected

microdigital

  • mdc-n4090w
  • mdc-n4090
  • mdc-n4090_firmware
  • mdc-n2190v
  • mdc-n2190v_firmware
  • mdc-n4090w_firmware
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')