Shaposhnikov Ilya

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** A buffer overflow issue exists in a CGI program running under the HTTPD web server, specifically in the `param` parameter, which can lead to remote code execution in the context of the nobody account. **Recommendations** For versions through 6400.0.8.5, consider restricting access to the vulnerable CGI program until a patch is available. As a temporary workaround, avoid using the `param` parameter in the affected HTTPD web server endpoint.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** The issue allows an attacker to exploit OS Command Injection in the `filename` parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server. **Recommendations** For versions through 6400.0.8.5, as a temporary workaround, consider restricting access to the Mainproc executable file to minimize the risk of exploitation. Avoid using the `filename` parameter in the affected HTTPD web server endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** The issue allows disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This happens because the filename specified in the `TZ` parameter is accessed with a delay if the file exists, indicating its presence. **Recommendations** For versions through 6400.0.8.5, as a temporary workaround, consider restricting access to the HTTPD service to minimize the risk of exploitation. Avoid using the `TZ` parameter in affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** An issue allows an attacker to trigger read operations on arbitrary files via Path Traversal in the `TZ` parameter. Although the attacker cannot retrieve the data that is read, this can cause a denial of service if the filename is, for example, `/dev/random`. **Recommendations** For versions through 6400.0.8.5, as a temporary workaround, consider restricting access to the `TZ` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** An issue exists where SQL injection vulnerabilities are present in 13 forms reachable through HTTPD. This allows an attacker to create an admin account, among other potential actions. **Recommendations** For versions through 6400.0.8.5, consider restricting access to the HTTPD service until a patch is available. As a temporary workaround, avoid using the vulnerable forms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras firmware through 6400.0.8.5 **Description** A Server-Side Request Forgery (SSRF) issue was found in HTTPD on the affected cameras. This issue can be triggered via FTP commands when a newline character is included in the `uploadfile` field. **Recommendations** For firmware through 6400.0.8.5, consider restricting access to the FTP upload functionality until a patch is available. As a temporary workaround, avoid using the `uploadfile` field with newline characters in FTP commands.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** An issue with incorrect access control was found, allowing any valid cookie to be used for making requests as an administrator. **Recommendations** For versions through 6400.0.8.5, consider restricting access to administrative functions until a fix is available. As a temporary workaround, limit the use of cookies for authentication to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** An issue was discovered in the firmware update process of the affected cameras, which is insecure and can lead to remote code execution. The attacker can provide arbitrary firmware in a `.dat` file via a `webparam?system&action=set&upgrade` URI. **Recommendations** For versions through 6400.0.8.5, update the firmware to a version later than 6400.0.8.5 to secure the firmware update process and prevent remote code execution. As a temporary workaround, consider restricting access to the `webparam?system&action=set&upgrade` URI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** A buffer overflow issue exists due to the `action` parameter, which can lead to remote code execution in the context of the nobody account. **Recommendations** For versions through 6400.0.8.5, consider restricting access to the vulnerable `action` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MicroDigital N-series cameras versions through 6400.0.8.5 **Description** A cleartext password storage issue was discovered, allowing an attacker to gain access to passwords stored in the /usr/local/ipsca/mipsca.db file if a camera is compromised. This could lead to further system compromises. **Recommendations** For versions through 6400.0.8.5, consider restricting access to the /usr/local/ipsca/mipsca.db file until a fix is available. As a temporary workaround, avoid using the affected cameras for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.