Path traversal

2019-08-0623:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.

CPENameOperatorVersion
mdc-n2190v_firmwarele6400.0.8.5
mdc-n4090_firmwarele6400.0.8.5
mdc-n4090w_firmwarele6400.0.8.5

Name	Operator	Version
mdc-n2190v_firmware	le	6400.0.8.5
mdc-n4090_firmware	le	6400.0.8.5
mdc-n4090w_firmware	le	6400.0.8.5

References

www.microdigital.co.kr/

pastebin.com/PSyqqs1g

www.microdigital.ru/