95 matches found
CVE-2019-14703
CVE-2019-14703 describes a cross-site request forgery (CSRF) vulnerability in MicroDigital N-series cameras. The issue occurs in HTTPD via the path webparam?user&action=set¶m=add, which can be abused to create an admin account. Public details consistently reference firmware up to 6400.0.8.5 a...
CVE-2019-14704
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field...
CVE-2019-14704
CVE-2019-14704 describes an SSRF vulnerability in the HTTPD component of MicroDigital N-series cameras (firmware up to 6400.0.8.5). The issue occurs when FTP uploadfile field data contains a newline character, allowing HTTPD to be triggered via crafted FTP commands. Reported impact is high: CVSS ...
CVE-2019-14705
CVE-2019-14705 affects MicroDigital N-series cameras up to firmware 6400.0.8.5. The issue is an incorrect access control that lets an attacker perform admin actions using any valid cookie, effectively bypassing authentication. Documented CVSSv3 base score is 7.2 (HIGH) with network attack vector ...
CVE-2019-14705
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin...
CVE-2019-14706
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...
CVE-2019-14706
The CVE-2019-14706 entry concerns MicroDigital N-series IP cameras running firmware up to 6400.0.8.5. The vulnerability is a denial-of-service caused by an unauthenticated attacker uploading a file to upload.php with a filename longer than 256 bytes; the file is placed in the updownload area and ...
CVE-2019-14707
CVE-2019-14707 affects MicroDigital N-series cameras (firmware up to 6400.0.8.5). The issue is in the firmware update process, which is insecure and permits remote code execution when an attacker supplies arbitrary firmware in a .dat file via the URI webparam?system&action=set&upgrade. The availa...
CVE-2019-14707
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI...
CVE-2019-14708
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account...
CVE-2019-14708
CVE-2019-14708 affects MicroDigital N-series cameras up to firmware 6400.0.8.5. The issue is a buffer overflow in the action parameter, which can lead to remote code execution in the context of the nobody account. The available connected documents confirm the vulnerability description but do not ...
CVE-2019-14709
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems...
CVE-2019-14709
CVE-2019-14709 affects MicroDigital N-series cameras up to firmware 6400.0.8.5. The vulnerability is a cleartext password storage issue in the file "/usr/local/ipsca/mipsca.db". If a camera is compromised, an attacker can access passwords and potentially abuse them to compromise additional system...
MicroDigital N-series cameras trust management issue vulnerability
MICRODIGITAL N-series cameras is a N-series network camera from MICRODIGITAL in Korea. A trust management issue vulnerability exists in the /usr/local/ipsca/mipsca.db file in MicroDigital N-series cameras using firmware version 6400.0.8.5 and earlier, which can be exploited by an attacker to gain...
CCTV DVR Login Scanning Utility
This module tests for standalone CCTV DVR video surveillance deployments specifically by MicroDigital, HIVISION, CTRing, and numerous other rebranded devices that are utilizing default vendor passwords. Additionally, this module has the ability to brute force user accounts. Such CCTV DVR video...