Path traversal

2019-08-0623:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists.

CPENameOperatorVersion
mdc-n2190v_firmwarele6400.0.8.5
mdc-n4090_firmwarele6400.0.8.5
mdc-n4090w_firmwarele6400.0.8.5

Name	Operator	Version
mdc-n2190v_firmware	le	6400.0.8.5
mdc-n4090_firmware	le	6400.0.8.5
mdc-n4090w_firmware	le	6400.0.8.5

References

www.microdigital.co.kr/

pastebin.com/PSyqqs1g

www.microdigital.ru/