Search criteria
32 vulnerabilities found for g-code_eec-2400_firmware by geutebrueck
CVE-2021-33554 (GCVE-0-2021-33554)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 03:08
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in appfile.filename parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33554",
"datePublished": "2021-09-13T17:55:49.767891Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T03:08:06.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33553 (GCVE-0-2021-33553)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 20:17
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in command parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33553",
"datePublished": "2021-09-13T17:55:48.174522Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T20:17:28.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33552 (GCVE-0-2021-33552)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:50
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33552",
"datePublished": "2021-09-13T17:55:46.549577Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:50:35.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33551 (GCVE-0-2021-33551)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 18:13
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in environment.lang parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33551",
"datePublished": "2021-09-13T17:55:44.932289Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T18:13:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33550 (GCVE-0-2021-33550)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:11
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33550",
"datePublished": "2021-09-13T17:55:43.372471Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:11:15.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33549 (GCVE-0-2021-33549)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 00:00
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T21:06:48",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:01.000Z",
"ID": "CVE-2021-33549",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"name": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33549",
"datePublished": "2021-09-13T17:55:41.804280Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T00:00:56.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33548 (GCVE-0-2021-33548)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 19:41
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in preserve parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33548",
"datePublished": "2021-09-13T17:55:40.187378Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T19:41:35.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33547 (GCVE-0-2021-33547)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 02:47
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33547",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33547",
"datePublished": "2021-09-13T17:55:38.601837Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T02:47:47.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33546 (GCVE-0-2021-33546)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 04:24
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:36",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33546",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33546",
"datePublished": "2021-09-13T17:55:36.920572Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T04:24:10.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33545 (GCVE-0-2021-33545)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:55
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:35",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33545",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33545",
"datePublished": "2021-09-13T17:55:35.310478Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:55:45.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33544 (GCVE-0-2021-33544)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 17:03
VLAI?
Title
UDP Technology/Geutebrück camera devices: command injection leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33544",
"datePublished": "2021-09-13T17:55:33.770594Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T17:03:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33543 (GCVE-0-2021-33543)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-08-03 23:50
VLAI?
Title
UDP Technology/Geutebrück camera devices: Authentication Bypass
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:30:17",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2021-33543",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33543",
"datePublished": "2021-09-13T17:55:32",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16205 (GCVE-0-2020-16205)
Vulnerability from nvd – Published: 2020-08-14 13:56 – Updated: 2024-08-04 13:37
VLAI?
Summary
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
Severity ?
No CVSS data available.
CWE
- CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | G-Cam and G-Code |
Affected:
Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "G-Cam and G-Code",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T19:06:10",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "G-Cam and G-Code",
"version": {
"version_data": [
{
"version_value": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"name": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16205",
"datePublished": "2020-08-14T13:56:23",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10958 (GCVE-0-2019-10958)
Vulnerability from nvd – Published: 2020-01-17 17:53 – Updated: 2024-08-04 22:40
VLAI?
Summary
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.
Severity ?
No CVSS data available.
CWE
- CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Geutebruck IP Cameras |
Affected:
G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Geutebruck IP Cameras",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-17T17:53:34",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geutebruck IP Cameras",
"version": {
"version_data": [
{
"version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10958",
"datePublished": "2020-01-17T17:53:34",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10957 (GCVE-0-2019-10957)
Vulnerability from nvd – Published: 2020-01-17 17:53 – Updated: 2024-08-04 22:40
VLAI?
Summary
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.
Severity ?
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Geutebruck IP Cameras |
Affected:
G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Geutebruck IP Cameras",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-17T17:53:09",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geutebruck IP Cameras",
"version": {
"version_data": [
{
"version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10957",
"datePublished": "2020-01-17T17:53:09",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10956 (GCVE-0-2019-10956)
Vulnerability from nvd – Published: 2020-01-17 17:52 – Updated: 2024-08-04 22:40
VLAI?
Summary
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.
Severity ?
No CVSS data available.
CWE
- CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Geutebruck IP Cameras |
Affected:
G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Geutebruck IP Cameras",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-17T17:52:38",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geutebruck IP Cameras",
"version": {
"version_data": [
{
"version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10956",
"datePublished": "2020-01-17T17:52:38",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33554 (GCVE-0-2021-33554)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 03:08
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in appfile.filename parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33554",
"datePublished": "2021-09-13T17:55:49.767891Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T03:08:06.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33553 (GCVE-0-2021-33553)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 20:17
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in command parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33553",
"datePublished": "2021-09-13T17:55:48.174522Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T20:17:28.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33552 (GCVE-0-2021-33552)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:50
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33552",
"datePublished": "2021-09-13T17:55:46.549577Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:50:35.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33551 (GCVE-0-2021-33551)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 18:13
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in environment.lang parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33551",
"datePublished": "2021-09-13T17:55:44.932289Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T18:13:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33550 (GCVE-0-2021-33550)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:11
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33550",
"datePublished": "2021-09-13T17:55:43.372471Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:11:15.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33549 (GCVE-0-2021-33549)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 00:00
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T21:06:48",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:01.000Z",
"ID": "CVE-2021-33549",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"name": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33549",
"datePublished": "2021-09-13T17:55:41.804280Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T00:00:56.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33548 (GCVE-0-2021-33548)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 19:41
VLAI?
Title
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in preserve parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33548",
"datePublished": "2021-09-13T17:55:40.187378Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T19:41:35.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33547 (GCVE-0-2021-33547)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 02:47
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33547",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33547",
"datePublished": "2021-09-13T17:55:38.601837Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T02:47:47.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33546 (GCVE-0-2021-33546)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 04:24
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:36",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33546",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33546",
"datePublished": "2021-09-13T17:55:36.920572Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T04:24:10.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33545 (GCVE-0-2021-33545)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:55
VLAI?
Title
UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:35",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33545",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33545",
"datePublished": "2021-09-13T17:55:35.310478Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:55:45.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33544 (GCVE-0-2021-33544)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 17:03
VLAI?
Title
UDP Technology/Geutebrück camera devices: command injection leading to RCE
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33544",
"datePublished": "2021-09-13T17:55:33.770594Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T17:03:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33543 (GCVE-0-2021-33543)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-08-03 23:50
VLAI?
Title
UDP Technology/Geutebrück camera devices: Authentication Bypass
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:30:17",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2021-33543",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33543",
"datePublished": "2021-09-13T17:55:32",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16205 (GCVE-0-2020-16205)
Vulnerability from cvelistv5 – Published: 2020-08-14 13:56 – Updated: 2024-08-04 13:37
VLAI?
Summary
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
Severity ?
No CVSS data available.
CWE
- CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | G-Cam and G-Code |
Affected:
Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "G-Cam and G-Code",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T19:06:10",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "G-Cam and G-Code",
"version": {
"version_data": [
{
"version_value": "Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"name": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16205",
"datePublished": "2020-08-14T13:56:23",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10958 (GCVE-0-2019-10958)
Vulnerability from cvelistv5 – Published: 2020-01-17 17:53 – Updated: 2024-08-04 22:40
VLAI?
Summary
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.
Severity ?
No CVSS data available.
CWE
- CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Geutebruck IP Cameras |
Affected:
G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Geutebruck IP Cameras",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-17T17:53:34",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geutebruck IP Cameras",
"version": {
"version_data": [
{
"version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10958",
"datePublished": "2020-01-17T17:53:34",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}