Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for g-cam_ethc-2230_firmware by geutebrueck

    CVE-2021-33554 (GCVE-0-2021-33554)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 03:08
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in appfile.filename parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33554",
        "datePublished": "2021-09-13T17:55:49.767Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:08:06.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33553 (GCVE-0-2021-33553)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 20:17
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in command parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33553",
        "datePublished": "2021-09-13T17:55:48.174Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:17:28.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33552 (GCVE-0-2021-33552)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:50
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.068Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33552",
        "datePublished": "2021-09-13T17:55:46.549Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:35.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33551 (GCVE-0-2021-33551)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 18:13
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.179Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in environment.lang parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33551",
        "datePublished": "2021-09-13T17:55:44.932Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:40.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33550 (GCVE-0-2021-33550)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:11
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33550",
        "datePublished": "2021-09-13T17:55:43.372Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:11:15.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33549 (GCVE-0-2021-33549)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 00:00
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-17T21:06:48.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:01.000Z",
              "ID": "CVE-2021-33549",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33549",
        "datePublished": "2021-09-13T17:55:41.804Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:00:56.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33548 (GCVE-0-2021-33548)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 19:41
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in preserve parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33548",
        "datePublished": "2021-09-13T17:55:40.187Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:41:35.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33547 (GCVE-0-2021-33547)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 02:47
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.961Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:55:38.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
              "ID": "CVE-2021-33547",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33547",
        "datePublished": "2021-09-13T17:55:38.601Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:47:47.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33546 (GCVE-0-2021-33546)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 04:24
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:55:36.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
              "ID": "CVE-2021-33546",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33546",
        "datePublished": "2021-09-13T17:55:36.920Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:24:10.084Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33545 (GCVE-0-2021-33545)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:55
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:55:35.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
              "ID": "CVE-2021-33545",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33545",
        "datePublished": "2021-09-13T17:55:35.310Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:55:45.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33544 (GCVE-0-2021-33544)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 17:03
    Title
    UDP Technology/Geutebrück camera devices: command injection leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33544",
        "datePublished": "2021-09-13T17:55:33.770Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:56.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33543 (GCVE-0-2021-33543)

    Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-08-03 23:50
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Authentication Bypass
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T14:30:17.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "ID": "CVE-2021-33543",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33543",
        "datePublished": "2021-09-13T17:55:32.000Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:50:43.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16205 (GCVE-0-2020-16205)

    Vulnerability from nvd – Published: 2020-08-14 13:56 – Updated: 2024-08-04 13:37
    VLAI
    Summary
    Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
    Assigner
    Impacted products
    Vendor Product Version
    n/a G-Cam and G-Code Affected: Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "G-Cam and G-Code",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-17T19:06:10.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-16205",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "G-Cam and G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16205",
        "datePublished": "2020-08-14T13:56:23.000Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:37:54.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10958 (GCVE-0-2019-10958)

    Vulnerability from nvd – Published: 2020-01-17 17:53 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Geutebruck IP Cameras Affected: G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.615Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Geutebruck IP Cameras",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-17T17:53:34.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-10958",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Geutebruck IP Cameras",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-10958",
        "datePublished": "2020-01-17T17:53:34.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10957 (GCVE-0-2019-10957)

    Vulnerability from nvd – Published: 2020-01-17 17:53 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Geutebruck IP Cameras Affected: G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Geutebruck IP Cameras",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-17T17:53:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-10957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Geutebruck IP Cameras",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-10957",
        "datePublished": "2020-01-17T17:53:09.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10956 (GCVE-0-2019-10956)

    Vulnerability from nvd – Published: 2020-01-17 17:52 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Geutebruck IP Cameras Affected: G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Geutebruck IP Cameras",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-17T17:52:38.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-10956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Geutebruck IP Cameras",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-10956",
        "datePublished": "2020-01-17T17:52:38.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33554 (GCVE-0-2021-33554)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 03:08
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in appfile.filename parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33554",
        "datePublished": "2021-09-13T17:55:49.767Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:08:06.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33553 (GCVE-0-2021-33553)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 20:17
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in command parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33553",
        "datePublished": "2021-09-13T17:55:48.174Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:17:28.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33552 (GCVE-0-2021-33552)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:50
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.068Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33552",
        "datePublished": "2021-09-13T17:55:46.549Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:35.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33551 (GCVE-0-2021-33551)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 18:13
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.179Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in environment.lang parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33551",
        "datePublished": "2021-09-13T17:55:44.932Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:40.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33550 (GCVE-0-2021-33550)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:11
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33550",
        "datePublished": "2021-09-13T17:55:43.372Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:11:15.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33549 (GCVE-0-2021-33549)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 00:00
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-17T21:06:48.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:01.000Z",
              "ID": "CVE-2021-33549",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33549",
        "datePublished": "2021-09-13T17:55:41.804Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:00:56.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33548 (GCVE-0-2021-33548)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 19:41
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in preserve parameter leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33548",
        "datePublished": "2021-09-13T17:55:40.187Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:41:35.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33547 (GCVE-0-2021-33547)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 02:47
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.961Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:55:38.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
              "ID": "CVE-2021-33547",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33547",
        "datePublished": "2021-09-13T17:55:38.601Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:47:47.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33546 (GCVE-0-2021-33546)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 04:24
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:55:36.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
              "ID": "CVE-2021-33546",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33546",
        "datePublished": "2021-09-13T17:55:36.920Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:24:10.084Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33545 (GCVE-0-2021-33545)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:55
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-13T17:55:35.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
              "ID": "CVE-2021-33545",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33545",
        "datePublished": "2021-09-13T17:55:35.310Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:55:45.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33544 (GCVE-0-2021-33544)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 17:03
    Title
    UDP Technology/Geutebrück camera devices: command injection leading to RCE
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Date Public
    2021-08-31 00:00
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "datePublic": "2021-08-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-02T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE",
          "x_generator": {
            "engine": "vulnogram 0.1.0-rc1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33544",
        "datePublished": "2021-09-13T17:55:33.770Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:56.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33543 (GCVE-0-2021-33543)

    Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-08-03 23:50
    VLAI
    Title
    UDP Technology/Geutebrück camera devices: Authentication Bypass
    Summary
    Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Geutebrück E2 Series Affected: EBC-21xx 1.12.13.2
    Affected: EBC-21xx 1.12.14.5
    Affected: EFD-22xx 1.12.13.2
    Affected: EFD-22xx 1.12.14.5
    Affected: ETHC-22xx 1.12.13.2
    Affected: ETHC-22xx 1.12.14.5
    Affected: EWPC-22xx 1.12.13.2
    Affected: EWPC-22xx 1.12.14.5
    Affected: EBC-21xx , ≤ 1.12.0.27 (custom)
    Affected: EFD-22xx , ≤ 1.12.0.27 (custom)
    Affected: ETHC-22xx , ≤ 1.12.0.27 (custom)
    Affected: EWPC-22xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Geutebrück Encoder G-Code Affected: EEC-2xx 1.12.13.2
    Affected: EEC-2xx 1.12.14.5
    Affected: EEN-20xx 1.12.13.2
    Affected: EEN-20xx 1.12.14.5
    Affected: EEC-2xx , ≤ 1.12.0.27 (custom)
    Affected: EEN-20xx , ≤ 1.12.0.27 (custom)
    Create a notification for this product.
    Credits
    Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "E2 Series",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EBC-21xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EFD-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "ETHC-22xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EWPC-22xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EBC-21xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EFD-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "ETHC-22xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EWPC-22xx",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Encoder G-Code",
              "vendor": "Geutebr\u00fcck",
              "versions": [
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEC-2xx 1.12.14.5"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.13.2"
                },
                {
                  "status": "affected",
                  "version": "EEN-20xx 1.12.14.5"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEC-2xx",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.12.0.27",
                  "status": "affected",
                  "version": "EEN-20xx",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T14:30:17.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "ID": "CVE-2021-33543",
              "STATE": "PUBLIC",
              "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "E2 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EBC-21xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EFD-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "ETHC-22xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EWPC-22xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Encoder G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEC-2xx",
                                "version_value": "1.12.14.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.0.27"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.13.2"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "EEN-20xx",
                                "version_value": "1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Geutebr\u00fcck"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
                  "refsource": "CONFIRM",
                  "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33543",
        "datePublished": "2021-09-13T17:55:32.000Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:50:43.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16205 (GCVE-0-2020-16205)

    Vulnerability from cvelistv5 – Published: 2020-08-14 13:56 – Updated: 2024-08-04 13:37
    VLAI
    Summary
    Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
    Assigner
    Impacted products
    Vendor Product Version
    n/a G-Cam and G-Code Affected: Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "G-Cam and G-Code",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-17T19:06:10.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-16205",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "G-Cam and G-Code",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16205",
        "datePublished": "2020-08-14T13:56:23.000Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:37:54.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10958 (GCVE-0-2019-10958)

    Vulnerability from cvelistv5 – Published: 2020-01-17 17:53 – Updated: 2024-08-04 22:40
    VLAI
    Summary
    Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Geutebruck IP Cameras Affected: G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:15.615Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Geutebruck IP Cameras",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-17T17:53:34.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-10958",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Geutebruck IP Cameras",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-10958",
        "datePublished": "2020-01-17T17:53:34.000Z",
        "dateReserved": "2019-04-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:40:15.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }