CVE-2023-38523

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder...

CVE-2023-38523

Summary: The Samsung Harman AMX N-Series web UI exposes an unauthenticated directory listing of /tmp/, allowing leakage of sensitive files (e.g., command history and screenshots). Affected products and versions (as documented): N1115 Wallplate Video Encoder prior to 1.15.61 N1x22A/N1x33A/N1x33/ N...

CVE-2019-14704

An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field...

CVE-2019-14707

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI...

CVE-2019-14708

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account...

CVE-2019-14699

CVE-2019-14699 affects MicroDigital N-series network cameras with firmware up to 6400.0.8.5. The vulnerability lies in the filename parameter processed by the Mainproc executable, which can be invoked via the HTTPD web server and is susceptible to OS command injection. Successful exploitation yie...

CVE-2019-14700

The CVE-2019-14700 entry applies to MicroDigital N-series cameras with firmware up to 6400.0.8.5, where HTTPD path traversal allows disclosure of arbitrary files. The root cause is a timing-related access of the filename specified in the TZ parameter, causing exposure when the file exists. Multip...

CVE-2019-14701

CVE-2019-14701 affects MicroDigital N-series cameras with firmware up to 6400.0.8.5. A path traversal flaw in the TZ parameter allows an attacker to trigger read operations on an arbitrary file (example: /dev/random). The attacker cannot retrieve the read data, but this can cause a denial of serv...

CVE-2019-14702

CVE-2019-14702 affects MicroDigital N-series cameras with firmware up to 6400.0.8.5. The vulnerability is SQL injection across 13 HTTPD-accessible forms, enabling an attacker to, for example, create an admin account. The issue is rooted in insecure input handling in the web interface, allowing cr...

CVE-2019-14703

A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account...

CVE-2019-14704

CVE-2019-14704 describes an SSRF vulnerability in the HTTPD component of MicroDigital N-series cameras (firmware up to 6400.0.8.5). The issue occurs when FTP uploadfile field data contains a newline character, allowing HTTPD to be triggered via crafted FTP commands. Reported impact is high: CVSS ...

CVE-2019-14705

CVE-2019-14705 affects MicroDigital N-series cameras up to firmware 6400.0.8.5. The issue is an incorrect access control that lets an attacker perform admin actions using any valid cookie, effectively bypassing authentication. Documented CVSSv3 base score is 7.2 (HIGH) with network attack vector ...

CVE-2019-14707

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI...

CVE-2019-14708

CVE-2019-14708 affects MicroDigital N-series cameras up to firmware 6400.0.8.5. The issue is a buffer overflow in the action parameter, which can lead to remote code execution in the context of the nobody account. The available connected documents confirm the vulnerability description but do not ...