> [Suggested description]> An issue was discovered on MicroDigital N-series ca

1. > [Suggested description]
2. > An issue was discovered on MicroDigital N-series cameras with firmware
3. > through 6400.0.8.5. In a CGI program running under the HTTPD web
4. > server, a buffer overflow in the param parameter leads to remote code
5. > execution in the context of the nobody account.
6. >
7. > ------------------------------------------
8. >
9. > [Additional Information]
10. > 1. Company is not in the MITRE's list
11. > 2. Have exploitation screenshots as a PoC
12. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
13. >
14. > ------------------------------------------
15. >
16. > [Vulnerability Type]
17. > Buffer Overflow
18. >
19. > ------------------------------------------
20. >
21. > [Vendor of Product]
22. > MicroDigital
23. >
24. > ------------------------------------------
25. >
26. > [Affected Product Code Base]
27. > All of N-series cameras - up to 6400.0.8.5 (including)
28. >
29. > ------------------------------------------
30. >
31. > [Affected Component]
32. > Executable CGI-file running at HTTPD webserver
33. >
34. > ------------------------------------------
35. >
36. > [Attack Type]
37. > Remote
38. >
39. > ------------------------------------------
40. >
41. > [Impact Code execution]
42. > true
43. >
44. > ------------------------------------------
45. >
46. > [Impact Denial of Service]
47. > true
48. >
49. > ------------------------------------------
50. >
51. > [Impact Escalation of Privileges]
52. > true
53. >
54. > ------------------------------------------
55. >
56. > [Impact Information Disclosure]
57. > true
58. >
59. > ------------------------------------------
60. >
61. > [Attack Vectors]
62. > Attacker can exploit buffer overflow in "param" parameter for system remote code execution from user "nobody".
63. >
64. > ------------------------------------------
65. >
66. > [Reference]
67. > https://www.microdigital.ru/
68. > http://www.microdigital.co.kr/
69. >
70. > ------------------------------------------
71. >
72. > [Has vendor confirmed or acknowledged the vulnerability?]
73. > true
74. >
75. > ------------------------------------------
76. >
77. > [Discoverer]
78. > Shaposhnikov Ilya
79.  
80. Use CVE-2019-14698.
81.  
82.  
83. > [Suggested description]
84. > An issue was discovered on MicroDigital N-series cameras with firmware
85. > through 6400.0.8.5. An attacker can exploit OS Command Injection in
86. > the filename parameter for remote code execution as root. This occurs
87. > in the Mainproc executable file, which can be run from the HTTPD web
88. > server.
89. >
90. > ------------------------------------------
91. >
92. > [Additional Information]
93. > 1. Company is not in the MITRE's list
94. > 2. Have exploitation screenshots as a PoC
95. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
96. >
97. > ------------------------------------------
98. >
99. > [VulnerabilityType Other]
100. > OS Command Injection
101. >
102. > ------------------------------------------
103. >
104. > [Vendor of Product]
105. > MicroDigital
106. >
107. > ------------------------------------------
108. >
109. > [Affected Product Code Base]
110. > All of N-series cameras - up to 6400.0.8.5 (including)
111. >
112. > ------------------------------------------
113. >
114. > [Affected Component]
115. > "Mainproc" executable file which can be run from HTTPD web server.
116. >
117. > ------------------------------------------
118. >
119. > [Attack Type]
120. > Remote
121. >
122. > ------------------------------------------
123. >
124. > [Impact Code execution]
125. > true
126. >
127. > ------------------------------------------
128. >
129. > [Impact Denial of Service]
130. > true
131. >
132. > ------------------------------------------
133. >
134. > [Impact Escalation of Privileges]
135. > true
136. >
137. > ------------------------------------------
138. >
139. > [Impact Information Disclosure]
140. > true
141. >
142. > ------------------------------------------
143. >
144. > [Attack Vectors]
145. > Attacker can send request to camera web server with parameter "filename" with injected OS command into it and this command will be run from root user.
146. >
147. > ------------------------------------------
148. >
149. > [Reference]
150. > https://www.microdigital.ru/
151. > http://www.microdigital.co.kr/
152. >
153. > ------------------------------------------
154. >
155. > [Has vendor confirmed or acknowledged the vulnerability?]
156. > true
157. >
158. > ------------------------------------------
159. >
160. > [Discoverer]
161. > Shaposhnikov Ilya
162.  
163. Use CVE-2019-14699.
164.  
165.  
166. > [Suggested description]
167. > An issue was discovered on MicroDigital N-series cameras with firmware
168. > through 6400.0.8.5. There is disclosure of the existence of arbitrary
169. > files via Path Traversal in HTTPD. This occurs because the filename
170. > specified in the TZ parameter is accessed with a substantial delay if
171. > that file exists.
172. >
173. > ------------------------------------------
174. >
175. > [Additional Information]
176. > 1. Company is not in the MITRE's list
177. > 2. Have exploitation screenshots as a PoC
178. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
179. >
180. > ------------------------------------------
181. >
182. > [Vulnerability Type]
183. > Directory Traversal
184. >
185. > ------------------------------------------
186. >
187. > [VulnerabilityType Other]
188. > Relative Path Traversal
189. >
190. > ------------------------------------------
191. >
192. > [Vendor of Product]
193. > MicroDigital
194. >
195. > ------------------------------------------
196. >
197. > [Affected Product Code Base]
198. > All of N-series cameras - up to 6400.0.8.5 (including)
199. >
200. > ------------------------------------------
201. >
202. > [Affected Component]
203. > HTTPD web server of camera at 80 port.
204. >
205. > ------------------------------------------
206. >
207. > [Attack Type]
208. > Remote
209. >
210. > ------------------------------------------
211. >
212. > [Impact Denial of Service]
213. > true
214. >
215. > ------------------------------------------
216. >
217. > [Impact Information Disclosure]
218. > true
219. >
220. > ------------------------------------------
221. >
222. > [Attack Vectors]
223. > to exploit vulnerability attacker must send an http request to web
224. > server with special field named "TZ" with path of file (with
225. > path-traversal), and if file exist, site will wait for several seconds
226. > for reading and parsing it. It can gave the ability to check any exist
227. > file at device filesystem. Also attacker can set path to /dev/random
228. > to perform DoS attack.
229. >
230. > ------------------------------------------
231. >
232. > [Reference]
233. > https://www.microdigital.ru/
234. > http://www.microdigital.co.kr/
235. >
236. > ------------------------------------------
237. >
238. > [Has vendor confirmed or acknowledged the vulnerability?]
239. > true
240. >
241. > ------------------------------------------
242. >
243. > [Discoverer]
244. > Shaposhnikov Ilya
245.  
246. Use CVE-2019-14700.
247.  
248.  
249. > [Suggested description]
250. > An issue was discovered on MicroDigital N-series cameras with firmware
251. > through 6400.0.8.5. An attacker can trigger read operations on an
252. > arbitrary file via Path Traversal in the TZ parameter, but cannot
253. > retrieve the data that is read. This causes a denial of service if the
254. > filename is, for example, /dev/random.
255. >
256. > ------------------------------------------
257. >
258. > [Additional Information]
259. > 1. Company is not in the MITRE's list
260. > 2. Have exploitation screenshots as a PoC
261. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
262. >
263. > ------------------------------------------
264. >
265. > [Vulnerability Type]
266. > does not block /dev/random access
267. >
268. > ------------------------------------------
269. >
270. > [Vendor of Product]
271. > MicroDigital
272. >
273. > ------------------------------------------
274. >
275. > [Affected Product Code Base]
276. > All of N-series cameras - up to 6400.0.8.5 (including)
277. >
278. > ------------------------------------------
279. >
280. > [Affected Component]
281. > HTTPD web server of camera at 80 port.
282. >
283. > ------------------------------------------
284. >
285. > [Attack Type]
286. > Remote
287. >
288. > ------------------------------------------
289. >
290. > [Impact Denial of Service]
291. > true
292. >
293. > ------------------------------------------
294. >
295. > [Impact Information Disclosure]
296. > true
297. >
298. > ------------------------------------------
299. >
300. > [Attack Vectors]
301. > to exploit vulnerability attacker must send an http request to web
302. > server with special field named "TZ" with path of file (with
303. > path-traversal), and if file exist, site will wait for several seconds
304. > for reading and parsing it. It can gave the ability to check any exist
305. > file at device filesystem. Also attacker can set path to /dev/random
306. > to perform DoS attack.
307. >
308. > ------------------------------------------
309. >
310. > [Reference]
311. > https://www.microdigital.ru/
312. > http://www.microdigital.co.kr/
313. >
314. > ------------------------------------------
315. >
316. > [Has vendor confirmed or acknowledged the vulnerability?]
317. > true
318. >
319. > ------------------------------------------
320. >
321. > [Discoverer]
322. > Shaposhnikov Ilya
323.  
324. Use CVE-2019-14701.
325.  
326.  
327. > [Suggested description]
328. > An issue was discovered on MicroDigital N-series cameras with firmware
329. > through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms
330. > that are reachable through HTTPD. An attacker can, for example, create
331. > an admin account.
332. >
333. > ------------------------------------------
334. >
335. > [Additional Information]
336. > 1. Company is not in the MITRE's list
337. > 2. Have exploitation screenshots as a PoC
338. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
339. >
340. > ------------------------------------------
341. >
342. > [Vulnerability Type]
343. > SQL Injection
344. >
345. > ------------------------------------------
346. >
347. > [Vendor of Product]
348. > MicroDigital
349. >
350. > ------------------------------------------
351. >
352. > [Affected Product Code Base]
353. > All of N-series cameras - up to 6400.0.8.5 (including)
354. >
355. > ------------------------------------------
356. >
357. > [Affected Component]
358. > HTTPD web server of camera at 80 port.
359. >
360. > ------------------------------------------
361. >
362. > [Attack Type]
363. > Remote
364. >
365. > ------------------------------------------
366. >
367. > [Impact Code execution]
368. > true
369. >
370. > ------------------------------------------
371. >
372. > [Impact Denial of Service]
373. > true
374. >
375. > ------------------------------------------
376. >
377. > [Impact Escalation of Privileges]
378. > true
379. >
380. > ------------------------------------------
381. >
382. > [Impact Information Disclosure]
383. > true
384. >
385. > ------------------------------------------
386. >
387. > [Attack Vectors]
388. > Multiple vulnerable to SQL-injection forms (13 forms) which attacker can ,for example, use for creating admin account.
389. >
390. > ------------------------------------------
391. >
392. > [Reference]
393. > https://www.microdigital.ru/
394. > http://www.microdigital.co.kr/
395. >
396. > ------------------------------------------
397. >
398. > [Has vendor confirmed or acknowledged the vulnerability?]
399. > true
400. >
401. > ------------------------------------------
402. >
403. > [Discoverer]
404. > Shaposhnikov Ilya
405.  
406. Use CVE-2019-14702.
407.  
408.  
409. > [Suggested description]
410. > A CSRF issue was discovered in webparam?user&action=set&param=add in
411. > HTTPD on MicroDigital N-series cameras with firmware through
412. > 6400.0.8.5 to create an admin account.
413. >
414. > ------------------------------------------
415. >
416. > [Additional Information]
417. > 1. Company is not in the MITRE's list
418. > 2. Have exploitation screenshots as a PoC
419. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
420. >
421. > ------------------------------------------
422. >
423. > [Vulnerability Type]
424. > Cross Site Request Forgery (CSRF)
425. >
426. > ------------------------------------------
427. >
428. > [VulnerabilityType Other]
429. > Cross Site Request Forgery
430. >
431. > ------------------------------------------
432. >
433. > [Vendor of Product]
434. > MicroDigital
435. >
436. > ------------------------------------------
437. >
438. > [Affected Product Code Base]
439. > All of N-series cameras - up to 6400.0.8.5 (including)
440. >
441. > ------------------------------------------
442. >
443. > [Affected Component]
444. > HTTPD web server of camera at 80 port.
445. >
446. > ------------------------------------------
447. >
448. > [Attack Type]
449. > Remote
450. >
451. > ------------------------------------------
452. >
453. > [Impact Code execution]
454. > true
455. >
456. > ------------------------------------------
457. >
458. > [Impact Denial of Service]
459. > true
460. >
461. > ------------------------------------------
462. >
463. > [Impact Escalation of Privileges]
464. > true
465. >
466. > ------------------------------------------
467. >
468. > [Impact Information Disclosure]
469. > true
470. >
471. > ------------------------------------------
472. >
473. > [Attack Vectors]
474. > Attacker can send a url to admin of camera to control everything
475. > available at web admin panel. Example: url
476. > http://<ip>/webparam?user&action=set&param=add&id=tester&pass=cGFzc3dvcmQ=&authority=0&t=1552491782708
477. > will create admin user "tester" with password "password".
478. >
479. > ------------------------------------------
480. >
481. > [Reference]
482. > https://www.microdigital.ru/
483. > http://www.microdigital.co.kr/
484. >
485. > ------------------------------------------
486. >
487. > [Has vendor confirmed or acknowledged the vulnerability?]
488. > true
489. >
490. > ------------------------------------------
491. >
492. > [Discoverer]
493. > Shaposhnikov Ilya
494.  
495. Use CVE-2019-14703.
496.  
497.  
498. > [Suggested description]
499. > An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras
500. > with firmware through 6400.0.8.5 via FTP commands following a newline
501. > character in the uploadfile field.
502. >
503. > ------------------------------------------
504. >
505. > [Additional Information]
506. > 1. Company is not in the MITRE's list
507. > 2. Have exploitation screenshots as a PoC
508. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
509. >
510. > ------------------------------------------
511. >
512. > [VulnerabilityType Other]
513. > Server Side Request Forgery
514. >
515. > ------------------------------------------
516. >
517. > [Vendor of Product]
518. > MicroDigital
519. >
520. > ------------------------------------------
521. >
522. > [Affected Product Code Base]
523. > All of N-series cameras - up to 6400.0.8.5 (including)
524. >
525. > ------------------------------------------
526. >
527. > [Affected Component]
528. > HTTPD web server of camera at 80 port.
529. >
530. > ------------------------------------------
531. >
532. > [Attack Type]
533. > Remote
534. >
535. > ------------------------------------------
536. >
537. > [Impact Information Disclosure]
538. > true
539. >
540. > ------------------------------------------
541. >
542. > [CVE Impact Other]
543. > File editing
544. >
545. > ------------------------------------------
546. >
547. > [Attack Vectors]
548. > to exploit vulnerability attacker must send an http request to web
549. > server with special field named "uploadfile" with newline bytes and
550. > ftp-commands, followed after it. It can gave the ability to use device
551. > as proxy or edit any available information/files from connected
552. > ftp-server. Also attacker can read large file from FTP-server to
553. > perform DoS attack.
554. >
555. > ------------------------------------------
556. >
557. > [Reference]
558. > https://www.microdigital.ru/
559. > http://www.microdigital.co.kr/
560. >
561. > ------------------------------------------
562. >
563. > [Has vendor confirmed or acknowledged the vulnerability?]
564. > true
565. >
566. > ------------------------------------------
567. >
568. > [Discoverer]
569. > Shaposhnikov Ilya
570.  
571. Use CVE-2019-14704.
572.  
573.  
574. > [Suggested description]
575. > An Incorrect Access Control issue was discovered on MicroDigital
576. > N-series cameras with firmware through 6400.0.8.5 because any valid
577. > cookie can be used to make requests as an admin.
578. >
579. > ------------------------------------------
580. >
581. > [Additional Information]
582. > 1. Company is not in the MITRE's list
583. > 2. Have exploitation screenshots as a PoC
584. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
585. >
586. > ------------------------------------------
587. >
588. > [Vulnerability Type]
589. > Incorrect Access Control
590. >
591. > ------------------------------------------
592. >
593. > [Vendor of Product]
594. > MicroDigital
595. >
596. > ------------------------------------------
597. >
598. > [Affected Product Code Base]
599. > All of N-series cameras - up to 6400.0.8.5 (including)
600. >
601. > ------------------------------------------
602. >
603. > [Affected Component]
604. > HTTPD web server of camera at 80 port.
605. >
606. > ------------------------------------------
607. >
608. > [Attack Type]
609. > Remote
610. >
611. > ------------------------------------------
612. >
613. > [Impact Code execution]
614. > true
615. >
616. > ------------------------------------------
617. >
618. > [Impact Denial of Service]
619. > true
620. >
621. > ------------------------------------------
622. >
623. > [Impact Escalation of Privileges]
624. > true
625. >
626. > ------------------------------------------
627. >
628. > [Impact Information Disclosure]
629. > true
630. >
631. > ------------------------------------------
632. >
633. > [Attack Vectors]
634. > Attacker can send http request with only login in cookies and make any requests from selected user. Default admin user is root.
635. >
636. > ------------------------------------------
637. >
638. > [Reference]
639. > https://www.microdigital.ru/
640. > http://www.microdigital.co.kr/
641. >
642. > ------------------------------------------
643. >
644. > [Has vendor confirmed or acknowledged the vulnerability?]
645. > true
646. >
647. > ------------------------------------------
648. >
649. > [Discoverer]
650. > Shaposhnikov Ilya
651.  
652. Use CVE-2019-14705.
653.  
654.  
655. > [Suggested description]
656. > A denial of service issue in HTTPD was discovered on MicroDigital
657. > N-series cameras with firmware through 6400.0.8.5. An attacker without
658. > authorization can upload a file to upload.php with a filename longer
659. > than 256 bytes. This will be placed in the updownload area. It will
660. > not be deleted, because of a buffer overflow in a Bash command string.
661. >
662. > ------------------------------------------
663. >
664. > [Additional Information]
665. > 1. Company is not in the MITRE's list
666. > 2. Have exploitation screenshots as a PoC
667. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
668. >
669. > ------------------------------------------
670. >
671. > [Vulnerability Type]
672. > Buffer Overflow
673. >
674. > ------------------------------------------
675. >
676. > [Vendor of Product]
677. > MicroDigital
678. >
679. > ------------------------------------------
680. >
681. > [Affected Product Code Base]
682. > All of N-series cameras - up to 6400.0.8.5 (including)
683. >
684. > ------------------------------------------
685. >
686. > [Affected Component]
687. > file upload.php at HTTPD web server of camera at 80 port.
688. >
689. > ------------------------------------------
690. >
691. > [Attack Type]
692. > Remote
693. >
694. > ------------------------------------------
695. >
696. > [Impact Denial of Service]
697. > true
698. >
699. > ------------------------------------------
700. >
701. > [Attack Vectors]
702. > attacker without authorization can upload file to upload.php with
703. > filename, longer than 256 bytes, which will be placed to
704. > updownload and will not be deleted because of bof in bash command
705. > string.
706. >
707. > ------------------------------------------
708. >
709. > [Reference]
710. > https://www.microdigital.ru/
711. > http://www.microdigital.co.kr/
712. >
713. > ------------------------------------------
714. >
715. > [Has vendor confirmed or acknowledged the vulnerability?]
716. > true
717. >
718. > ------------------------------------------
719. >
720. > [Discoverer]
721. > Shaposhnikov Ilya
722.  
723. Use CVE-2019-14706.
724.  
725.  
726. > [Suggested description]
727. > An issue was discovered on MicroDigital N-series cameras with firmware
728. > through 6400.0.8.5. The firmware update process is insecure, leading
729. > to remote code execution. The attacker can provide arbitrary firmware
730. > in a .dat file via a webparam?system&action=set&upgrade URI.
731. >
732. > ------------------------------------------
733. >
734. > [Additional Information]
735. > 1. Company is not in the MITRE's list
736. > 2. Have exploitation screenshots as a PoC
737. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
738. >
739. > ------------------------------------------
740. >
741. > [VulnerabilityType Other]
742. > Download of Code Without Integrity Check
743. >
744. > ------------------------------------------
745. >
746. > [Vendor of Product]
747. > MicroDigital
748. >
749. > ------------------------------------------
750. >
751. > [Affected Product Code Base]
752. > All of N-series cameras - up to 6400.0.8.5 (including)
753. >
754. > ------------------------------------------
755. >
756. > [Affected Component]
757. > Executable CGI-file running at HTTPD webserver
758. >
759. > ------------------------------------------
760. >
761. > [Attack Type]
762. > Remote
763. >
764. > ------------------------------------------
765. >
766. > [Impact Code execution]
767. > true
768. >
769. > ------------------------------------------
770. >
771. > [Impact Denial of Service]
772. > true
773. >
774. > ------------------------------------------
775. >
776. > [Impact Escalation of Privileges]
777. > true
778. >
779. > ------------------------------------------
780. >
781. > [Attack Vectors]
782. > Attacker can build and upload .dat firmware using upload.php and initiate firmware update with request
783. > in admin panel ( /webparam?system&action=set&upgrade&...).
784. >
785. > ------------------------------------------
786. >
787. > [Reference]
788. > https://www.microdigital.ru/
789. > http://www.microdigital.co.kr/
790. >
791. > ------------------------------------------
792. >
793. > [Has vendor confirmed or acknowledged the vulnerability?]
794. > true
795. >
796. > ------------------------------------------
797. >
798. > [Discoverer]
799. > Shaposhnikov Ilya
800.  
801. Use CVE-2019-14707.
802.  
803.  
804. > [Suggested description]
805. > An issue was discovered on MicroDigital N-series cameras with firmware
806. > through 6400.0.8.5. A buffer overflow in the action parameter leads to
807. > remote code execution in the context of the nobody account.
808. >
809. > ------------------------------------------
810. >
811. > [Additional Information]
812. > 1. Company is not in the MITRE's list
813. > 2. Have exploitation screenshots as a PoC
814. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
815. >
816. > ------------------------------------------
817. >
818. > [Vulnerability Type]
819. > Buffer Overflow
820. >
821. > ------------------------------------------
822. >
823. > [Vendor of Product]
824. > MicroDigital
825. >
826. > ------------------------------------------
827. >
828. > [Affected Product Code Base]
829. > All of N-series cameras - up to 6400.0.8.5 (including)
830. >
831. > ------------------------------------------
832. >
833. > [Affected Component]
834. > Executable CGI-file running at HTTPD webserver
835. >
836. > ------------------------------------------
837. >
838. > [Attack Type]
839. > Remote
840. >
841. > ------------------------------------------
842. >
843. > [Impact Code execution]
844. > true
845. >
846. > ------------------------------------------
847. >
848. > [Impact Denial of Service]
849. > true
850. >
851. > ------------------------------------------
852. >
853. > [Impact Escalation of Privileges]
854. > true
855. >
856. > ------------------------------------------
857. >
858. > [Impact Information Disclosure]
859. > true
860. >
861. > ------------------------------------------
862. >
863. > [Attack Vectors]
864. > Attacker can exploit buffer overflow in action parameter for system remote code execution from user "nobody".
865. >
866. > ------------------------------------------
867. >
868. > [Reference]
869. > https://www.microdigital.ru/
870. > http://www.microdigital.co.kr/
871. >
872. > ------------------------------------------
873. >
874. > [Has vendor confirmed or acknowledged the vulnerability?]
875. > true
876. >
877. > ------------------------------------------
878. >
879. > [Discoverer]
880. > Shaposhnikov Ilya
881.  
882. Use CVE-2019-14708.
883.  
884.  
885. > [Suggested description]
886. > A cleartext password storage issue was discovered on MicroDigital
887. > N-series cameras with firmware through 6400.0.8.5. The file in
888. > question is /usr/local/ipsca/mipsca.db. If a camera is compromised,
889. > the attacker can gain access to passwords and abuse them to compromise
890. > further systems.
891. >
892. > ------------------------------------------
893. >
894. > [Additional Information]
895. > 1. Company is not in the MITRE's list
896. > 2. Have exploitation screenshots as a PoC
897. > 3. Contacted company by mail but they refused fixes cause of department dissolution of developers of this firmware
898. >
899. > ------------------------------------------
900. >
901. > [VulnerabilityType Other]
902. > Password Plaintext Storage
903. >
904. > ------------------------------------------
905. >
906. > [Vendor of Product]
907. > MicroDigital
908. >
909. > ------------------------------------------
910. >
911. > [Affected Product Code Base]
912. > All of N-series cameras - up to 6400.0.8.5 (including)
913. >
914. > ------------------------------------------
915. >
916. > [Affected Component]
917. > HTTPD web server of camera at 80 port.
918. >
919. > ------------------------------------------
920. >
921. > [Attack Type]
922. > Local
923. >
924. > ------------------------------------------
925. >
926. > [Impact Information Disclosure]
927. > true
928. >
929. > ------------------------------------------
930. >
931. > [Attack Vectors]
932. > To exploit vulnerability someone must read file /usr/local/ipsca/mipsca.db (which is SQLite3 database) which contains actual accounts passwords
933. >
934. > ------------------------------------------
935. >
936. > [Reference]
937. > https://www.microdigital.ru/
938. > http://www.microdigital.co.kr/
939. >
940. > ------------------------------------------
941. >
942. > [Has vendor confirmed or acknowledged the vulnerability?]
943. > true
944. >
945. > ------------------------------------------
946. >
947. > [Discoverer]
948. > Shaposhnikov Ilya