PT-2019-5818 · Microdigital · Microdigital N-Series

Ilya Shaposhnikov

Published: 2019-08-06 · Updated: 2019-08-14 · CVE-2019-14706

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MicroDigital N-series cameras with firmware through 6400.0.8.5

Description

The issue is related to a buffer overflow in memory, which can be exploited by an attacker to cause a denial of service. This can be achieved by uploading a file with a filename longer than 256 bytes to the "upload.php" endpoint. The file will be placed in the "updownload" area and will not be deleted due to the buffer overflow in a Bash command string.

Recommendations

For MicroDigital N-series cameras with firmware through 6400.0.8.5, consider restricting access to the "upload.php" endpoint to prevent unauthorized file uploads until a patch is available. As a temporary workaround, limit the length of filenames that can be uploaded to prevent buffer overflow exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-03108
CVE-2019-14706

Affected Products

Microdigital N-Series