CVE-2019-14699

Name of the Vulnerable Software and Affected Versions MicroDigital N-series cameras versions through 6400.0.8.5

Description The issue allows an attacker to exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.

Recommendations For versions through 6400.0.8.5, as a temporary workaround, consider restricting access to the Mainproc executable file to minimize the risk of exploitation. Avoid using the filename parameter in the affected HTTPD web server endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.