CVE-2019-14705

An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microdigitalmdc-n4090_firmware
𝑥
≤ 6400.0.8.5
microdigitalmdc-n4090w_firmware
𝑥
≤ 6400.0.8.5
microdigitalmdc-n2190v_firmware
𝑥
≤ 6400.0.8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.microdigital.co.kr/
https://pastebin.com/PSyqqs1g
https://www.microdigital.ru/
http://www.microdigital.co.kr/
https://pastebin.com/PSyqqs1g
https://www.microdigital.ru/