9.8
CVE-2019-14704
- EPSS 0.59%
- Veröffentlicht 06.08.2019 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:27:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microdigital ≫ Mdc-n4090 Firmware Version <= 6400.0.8.5
Microdigital ≫ Mdc-n4090w Firmware Version <= 6400.0.8.5
Microdigital ≫ Mdc-n2190v Firmware Version <= 6400.0.8.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.666 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.