Описание
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6400.0.8.5 (включая)
Одновременно
cpe:2.3:o:microdigital:mdc-n4090_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n4090:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 6400.0.8.5 (включая)
Одновременно
cpe:2.3:o:microdigital:mdc-n4090w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n4090w:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 6400.0.8.5 (включая)
Одновременно
cpe:2.3:o:microdigital:mdc-n2190v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microdigital:mdc-n2190v:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08487
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
EPSS
Процентиль: 92%
0.08487
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78