microdigital CVE Vulnerabilities & Metrics

Focus on microdigital vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About microdigital Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with microdigital. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total microdigital CVEs: 12
Earliest CVE date: 06 Aug 2019, 23:15 UTC
Latest CVE date: 06 Aug 2019, 23:15 UTC

Latest CVE reference: CVE-2019-14709

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical microdigital CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.65

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	7
7.0-8.9	4
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS microdigital CVEs

These are the five CVEs with the highest CVSS scores for microdigital, sorted by severity first and recency.

CVE-2019-14699 microdigital Published on 06 Aug 2019, 23:15 UTC (CVSS: 10.0)
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.
CVE-2019-14708 microdigital Published on 06 Aug 2019, 23:15 UTC (CVSS: 7.5)
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.
CVE-2019-14704 microdigital Published on 06 Aug 2019, 23:15 UTC (CVSS: 7.5)
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.
CVE-2019-14702 microdigital Published on 06 Aug 2019, 23:15 UTC (CVSS: 7.5)
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.
CVE-2019-14698 microdigital Published on 06 Aug 2019, 23:15 UTC (CVSS: 7.5)
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.

All CVEs for microdigital

CVE-2019-14709 microdigital vulnerability CVSS: 5.0 06 Aug 2019, 23:15 UTC

A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.

CVE-2019-14708 microdigital vulnerability CVSS: 7.5 06 Aug 2019, 23:15 UTC

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.

CVE-2019-14707 microdigital vulnerability CVSS: 6.5 06 Aug 2019, 23:15 UTC

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote code execution. The attacker can provide arbitrary firmware in a .dat file via a webparam?system&action=set&upgrade URI.

CVE-2019-14706 microdigital vulnerability CVSS: 5.0 06 Aug 2019, 23:15 UTC

A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because of a buffer overflow in a Bash command string.

CVE-2019-14705 microdigital vulnerability CVSS: 6.5 06 Aug 2019, 23:15 UTC

An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin.

CVE-2019-14704 microdigital vulnerability CVSS: 7.5 06 Aug 2019, 23:15 UTC

An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.

CVE-2019-14703 microdigital vulnerability CVSS: 6.8 06 Aug 2019, 23:15 UTC

A CSRF issue was discovered in webparam?user&action=set&param=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account.

CVE-2019-14702 microdigital vulnerability CVSS: 7.5 06 Aug 2019, 23:15 UTC

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.

CVE-2019-14701 microdigital vulnerability CVSS: 5.0 06 Aug 2019, 23:15 UTC

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random.

CVE-2019-14700 microdigital vulnerability CVSS: 5.0 06 Aug 2019, 23:15 UTC

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists.

CVE-2019-14699 microdigital vulnerability CVSS: 10.0 06 Aug 2019, 23:15 UTC

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server.

CVE-2019-14698 microdigital vulnerability CVSS: 7.5 06 Aug 2019, 23:15 UTC

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.