7.5
CVE-2019-14706
- EPSS 0.61%
- Veröffentlicht 06.08.2019 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:27:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microdigital ≫ Mdc-n4090 Firmware Version <= 6400.0.8.5
Microdigital ≫ Mdc-n4090w Firmware Version <= 6400.0.8.5
Microdigital ≫ Mdc-n2190v Firmware Version <= 6400.0.8.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.692 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.