PT-2019-5818 · Microdigital · Microdigital N-Series
Ilya Shaposhnikov · Published 2019-08-06 · Updated 2019-08-14
CVE-2019-14706
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
MicroDigital N-series cameras with firmware through 6400.0.8.5
Description
A buffer overflow lets an attacker cause a denial of service by uploading a file whose filename is longer than 256 bytes to the "upload.php" endpoint. The file is placed in the "updownload" area and is not deleted, because of the buffer overflow in a Bash command string.
Recommendations
For MicroDigital N-series cameras with firmware through 6400.0.8.5, consider restricting access to the "upload.php" endpoint to prevent unauthorized file uploads until a patch is available. As a temporary workaround, limit the length of filenames that can be uploaded to prevent buffer overflow exploitation.
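One way to apply the filename-length workaround in a filtering proxy placed in front of the camera, as an added example that is not part of the original advisory or the vendor's code. The /upload.php path, the function names and the sample request are assumptions constructed for illustration; only the 256-byte threshold comes from the description above.

```python
import re

MAX_FILENAME_BYTES = 256     # length threshold stated in the advisory
UPLOAD_PATH = "/upload.php"  # assumed URL path; the advisory names only "upload.php"

_BOUNDARY = re.compile(r'boundary="?([^";]+)"?', re.I)
# Quoted or bare value of filename= / filename*= in a Content-Disposition header.
_FILENAME = re.compile(rb'filename\*?\s*=\s*("(?:\\.|[^"\\])*"|[^;]*)', re.I)


def part_filenames(content_type, body):
    """Return the raw filename bytes of every file part in a multipart body."""
    m = _BOUNDARY.search(content_type)
    if not content_type.lower().startswith("multipart/form-data") or not m:
        return []
    delimiter = b"--" + m.group(1).encode("latin-1")
    names = []
    for part in body.split(delimiter)[1:]:
        headers = part.split(b"\r\n\r\n", 1)[0]   # never scan file content
        for line in headers.split(b"\r\n"):
            if line.lower().startswith(b"content-disposition:"):
                for value in _FILENAME.findall(line):
                    names.append(value.strip().strip(b'"'))
    return names


def allow_upload(path, content_type, body):
    """Return False when an upload request carries a filename over the limit."""
    if not path.split("?", 1)[0].endswith(UPLOAD_PATH):
        return True   # only the upload endpoint is in scope for this check
    # Length is measured in bytes on the wire, not in decoded characters.
    return all(len(n) <= MAX_FILENAME_BYTES
               for n in part_filenames(content_type, body))


def build_sample(filename, boundary="XBOUNDARY"):
    """Constructed multipart request used as test input; not captured traffic."""
    body = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n"
            "data\r\n"
            f"--{boundary}--\r\n").encode()
    return f"multipart/form-data; boundary={boundary}", body


if __name__ == "__main__":
    for name in ("fw.bin", "a" * 257):
        ctype, body = build_sample(name)
        print(len(name), allow_upload(UPLOAD_PATH, ctype, body))
```

The check measures the encoded parameter value, so a percent-encoded `filename*=` value is counted at its longer on-the-wire length and the filter errs toward rejecting.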
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Microdigital N-Series