OS Command Injection in MicroDigital N-series Cameras: Remote Code Execution as Root

OS Command Injection in MicroDigital N-series Cameras: Remote Code Execution as Root

CVE-2019-14699 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.

Learn more about our Web App Pen Testing.