5773 matches found
CVE-2019-14706
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...
CVE-2019-14702
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account...
CVE-2019-14703
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account...
Sql injection
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account...
Server side request forgery (ssrf)
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field...
Buffer overflow
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account...
Design/Logic Flaw
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...
Command injection
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server...
Path traversal
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists...
CVE-2019-14698
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account...
CVE-2019-14698
MicroDigital N-series cameras (firmware up to 6400.0.8.5) expose a vulnerability in a CGI program running under the HTTPD web server. A buffer overflow in the param parameter allows remote code execution in the nobody context. This is a server-side flaw in the CGI component and is stated as enabl...
CVE-2019-14699
CVE-2019-14699 affects MicroDigital N-series network cameras with firmware up to 6400.0.8.5. The vulnerability lies in the filename parameter processed by the Mainproc executable, which can be invoked via the HTTPD web server and is susceptible to OS command injection. Successful exploitation yie...
CVE-2019-14700
The CVE-2019-14700 entry applies to MicroDigital N-series cameras with firmware up to 6400.0.8.5, where HTTPD path traversal allows disclosure of arbitrary files. The root cause is a timing-related access of the filename specified in the TZ parameter, causing exposure when the file exists. Multip...
CVE-2019-14700
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists...
CVE-2019-14702
CVE-2019-14702 affects MicroDigital N-series cameras with firmware up to 6400.0.8.5. The vulnerability is SQL injection across 13 HTTPD-accessible forms, enabling an attacker to, for example, create an admin account. The issue is rooted in insecure input handling in the web interface, allowing cr...
CVE-2019-14702
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account...
CVE-2019-14703
CVE-2019-14703 describes a cross-site request forgery (CSRF) vulnerability in MicroDigital N-series cameras. The issue occurs in HTTPD via the path webparam?user&action=set¶m=add, which can be abused to create an admin account. Public details consistently reference firmware up to 6400.0.8.5 a...
CVE-2019-14703
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account...
CVE-2019-14704
CVE-2019-14704 describes an SSRF vulnerability in the HTTPD component of MicroDigital N-series cameras (firmware up to 6400.0.8.5). The issue occurs when FTP uploadfile field data contains a newline character, allowing HTTPD to be triggered via crafted FTP commands. Reported impact is high: CVSS ...
CVE-2019-14706
The CVE-2019-14706 entry concerns MicroDigital N-series IP cameras running firmware up to 6400.0.8.5. The vulnerability is a denial-of-service caused by an unauthenticated attacker uploading a file to upload.php with a filename longer than 256 bytes; the file is placed in the updownload area and ...