Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-7532 (GCVE-0-2018-7532)
Vulnerability from cvelistv5 – Published: 2018-03-22 18:00 – Updated: 2024-09-16 22:30
VLAI
EPSS
Summary
Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.
Severity
9.8 (Critical)
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01 | x_refsource_MISC |
| https://randorisec.fr/0day-anonymous-rce-on-geute… | x_refsource_MISC |
| http://www.securityfocus.com/bid/103474 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Geutebrück | Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware |
Affected:
G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1
|
Date Public
2018-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"name": "103474",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Geutebr\u0026#195;\u0026#188;ck G-Cam/EFD-2250 (part n\u0026#194;\u0026#176; 5.02024) firmware and Topline TopFD-2125 (part n\u0026#194;\u0026#176; 5.02820) firmware",
"vendor": "Geutebr\u0026#195;\u0026#188;ck",
"versions": [
{
"status": "affected",
"version": "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1"
}
]
}
],
"datePublic": "2018-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-17T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"name": "103474",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103474"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-03-20T00:00:00",
"ID": "CVE-2018-7532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geutebr\u0026#195;\u0026#188;ck G-Cam/EFD-2250 (part n\u0026#194;\u0026#176; 5.02024) firmware and Topline TopFD-2125 (part n\u0026#194;\u0026#176; 5.02820) firmware",
"version": {
"version_data": [
{
"version_value": "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1"
}
]
}
}
]
},
"vendor_name": "Geutebr\u0026#195;\u0026#188;ck"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"name": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/",
"refsource": "MISC",
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"name": "103474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103474"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7532",
"datePublished": "2018-03-22T18:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:43.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-7532",
"date": "2026-06-04",
"epss": "0.11358",
"percentile": "0.93685"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-7532\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2018-03-22T18:29:01.137\",\"lastModified\":\"2024-11-21T04:12:18.600\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.\"},{\"lang\":\"es\",\"value\":\"Se han identificado vulnerabilidades de falta de desautenticaci\u00f3n en las c\u00e1maras IP Geutebruck G-Cam/EFD-2250 1.12.0.4 y Topline TopFD-2125 3.15.1, que podr\u00edan permitir la ejecuci\u00f3n remota de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:geutebrueck:g-cam\\\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F01D3522-04BF-4916-B95A-6148E68ADCF5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:geutebrueck:g-cam\\\\/efd-2250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"608E18FF-6651-4EA6-A78C-2570CC019BCB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B14968B2-1140-424C-BFE8-608C68B4D328\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D62F27B8-6BB2-40DF-A00A-740D599CF4B3\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103474\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
}
}
Title
Geutebruck IP Cameras远程代码执行漏洞
Description
G-Cam/EFD-2250和Topline TopFD-2125都是Geutebruck公司的一款高清摄像机。
Geutebruck IP Cameras存在远程代码执行漏洞,攻击者可利用漏洞执行任意代码。
Severity
高
Patch Name
Geutebruck IP Cameras远程代码执行漏洞的补丁
Patch Description
G-Cam/EFD-2250和Topline TopFD-2125都是Geutebruck公司的一款高清摄像机。
Geutebruck IP Cameras存在远程代码执行漏洞,攻击者可利用漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可联系供应商获得补丁信息: https://www.geutebrueck.com//en_EN/login.html
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01
Impacted products
| Name | ['Geutebruck G-Cam/EFD-2250 1.12.0.4', 'Geutebruck Topline TopFD-2125 3.15.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-7532"
}
},
"description": "G-Cam/EFD-2250\u548cTopline TopFD-2125\u90fd\u662fGeutebruck\u516c\u53f8\u7684\u4e00\u6b3e\u9ad8\u6e05\u6444\u50cf\u673a\u3002\r\n\r\nGeutebruck IP Cameras\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "RandoriSec\u7684Davy Douhine\u548cGreenlock\u7684Nicolas Mattiocco",
"formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.geutebrueck.com//en_EN/login.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-06019",
"openTime": "2018-03-22",
"patchDescription": "G-Cam/EFD-2250\u548cTopline TopFD-2125\u90fd\u662fGeutebruck\u516c\u53f8\u7684\u4e00\u6b3e\u9ad8\u6e05\u6444\u50cf\u673a\u3002\r\n\r\nGeutebruck IP Cameras\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Geutebruck IP Cameras\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Geutebruck G-Cam/EFD-2250 1.12.0.4",
"Geutebruck Topline TopFD-2125 3.15.1"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01",
"serverity": "\u9ad8",
"submitTime": "2018-03-22",
"title": "Geutebruck IP Cameras\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2018-7532
Vulnerability from fkie_nvd - Published: 2018-03-22 18:29 - Updated: 2024-11-21 04:12
Severity
Summary
Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/103474 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01 | Mitigation, Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103474 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/ | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| geutebrueck | g-cam\/efd-2250_firmware | 1.12.0.4 | |
| geutebrueck | g-cam\/efd-2250 | - | |
| geutebrueck | topfd-2125_firmware | 3.15.1 | |
| geutebrueck | topfd-2125 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F01D3522-04BF-4916-B95A-6148E68ADCF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "608E18FF-6651-4EA6-A78C-2570CC019BCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B14968B2-1140-424C-BFE8-608C68B4D328",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D62F27B8-6BB2-40DF-A00A-740D599CF4B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution."
},
{
"lang": "es",
"value": "Se han identificado vulnerabilidades de falta de desautenticaci\u00f3n en las c\u00e1maras IP Geutebruck G-Cam/EFD-2250 1.12.0.4 y Topline TopFD-2125 3.15.1, que podr\u00edan permitir la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2018-7532",
"lastModified": "2024-11-21T04:12:18.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-22T18:29:01.137",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103474"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3WCH-CP8H-4VH3
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details
Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2018-7532"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-22T18:29:00Z",
"severity": "CRITICAL"
},
"details": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.",
"id": "GHSA-3wch-cp8h-4vh3",
"modified": "2022-05-13T01:31:51Z",
"published": "2022-05-13T01:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7532"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"type": "WEB",
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103474"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-7532
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-7532",
"description": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.",
"id": "GSD-2018-7532"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-7532"
],
"details": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.",
"id": "GSD-2018-7532",
"modified": "2023-12-13T01:22:32.989716Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-03-20T00:00:00",
"ID": "CVE-2018-7532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geutebr\u0026#195;\u0026#188;ck G-Cam/EFD-2250 (part n\u0026#194;\u0026#176; 5.02024) firmware and Topline TopFD-2125 (part n\u0026#194;\u0026#176; 5.02820) firmware",
"version": {
"version_data": [
{
"version_value": "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1"
}
]
}
}
]
},
"vendor_name": "Geutebr\u0026#195;\u0026#188;ck"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"name": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/",
"refsource": "MISC",
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"name": "103474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103474"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-7532"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01"
},
{
"name": "103474",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103474"
},
{
"name": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/",
"refsource": "MISC",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:42Z",
"publishedDate": "2018-03-22T18:29Z"
}
}
}
ICSA-18-079-01
Vulnerability from csaf_cisa - Published: 2018-03-20 00:00 - Updated: 2018-03-20 00:00Summary
Geutebruck IP Cameras
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: ATTENTION: Exploitable remotely/low skill level to exploit.
Critical infrastructure sectors: Commercial Facilities, Energy, Healthcare, Financial Services and Public Health
Countries/areas deployed: Europe, United States, Australia
Company headquarters location: Windhagen, Germany
Recommended Practices: NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls, and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
Recommended Practices: NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available in the NCCIC Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.
Recommended Practices: Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Topline TopFD-2125 (part n° 5.02820) firmware: version 3.15.1
Geutebrück / Topline TopFD-2125 (part n° 5.02820) firmware
|
3.15.1 |
Mitigation
fix
Mitigation
|
|
|
G-Cam/EFD-2250 (part n° 5.02024) firmware: version 1.12.0.4
Geutebrück / G-Cam/EFD-2250 (part n° 5.02024) firmware
|
1.12.0.4 |
Mitigation
fix
Mitigation
|
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Topline TopFD-2125 (part n° 5.02820) firmware: version 3.15.1
Geutebrück / Topline TopFD-2125 (part n° 5.02820) firmware
|
3.15.1 |
Mitigation
fix
Mitigation
|
|
|
G-Cam/EFD-2250 (part n° 5.02024) firmware: version 1.12.0.4
Geutebrück / G-Cam/EFD-2250 (part n° 5.02024) firmware
|
1.12.0.4 |
Mitigation
fix
Mitigation
|
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Topline TopFD-2125 (part n° 5.02820) firmware: version 3.15.1
Geutebrück / Topline TopFD-2125 (part n° 5.02820) firmware
|
3.15.1 |
Mitigation
fix
Mitigation
|
|
|
G-Cam/EFD-2250 (part n° 5.02024) firmware: version 1.12.0.4
Geutebrück / G-Cam/EFD-2250 (part n° 5.02024) firmware
|
1.12.0.4 |
Mitigation
fix
Mitigation
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Topline TopFD-2125 (part n° 5.02820) firmware: version 3.15.1
Geutebrück / Topline TopFD-2125 (part n° 5.02820) firmware
|
3.15.1 |
Mitigation
fix
Mitigation
|
|
|
G-Cam/EFD-2250 (part n° 5.02024) firmware: version 1.12.0.4
Geutebrück / G-Cam/EFD-2250 (part n° 5.02024) firmware
|
1.12.0.4 |
Mitigation
fix
Mitigation
|
8.3 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Topline TopFD-2125 (part n° 5.02820) firmware: version 3.15.1
Geutebrück / Topline TopFD-2125 (part n° 5.02820) firmware
|
3.15.1 |
Mitigation
fix
Mitigation
|
|
|
G-Cam/EFD-2250 (part n° 5.02024) firmware: version 1.12.0.4
Geutebrück / G-Cam/EFD-2250 (part n° 5.02024) firmware
|
1.12.0.4 |
Mitigation
fix
Mitigation
|
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Topline TopFD-2125 (part n° 5.02820) firmware: version 3.15.1
Geutebrück / Topline TopFD-2125 (part n° 5.02820) firmware
|
3.15.1 |
Mitigation
fix
Mitigation
|
|
|
G-Cam/EFD-2250 (part n° 5.02024) firmware: version 1.12.0.4
Geutebrück / G-Cam/EFD-2250 (part n° 5.02024) firmware
|
1.12.0.4 |
Mitigation
fix
Mitigation
|
References
15 references
Acknowledgments
RandoriSec
Davy Douhine
Greenlock
Nicolas Mattiocco
{
"document": {
"acknowledgments": [
{
"names": [
"Davy Douhine"
],
"organization": "RandoriSec",
"summary": "reporting these vulnerabilities to NCCIC"
},
{
"names": [
"Nicolas Mattiocco"
],
"organization": "Greenlock",
"summary": "reporting these vulnerabilities to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "ATTENTION: Exploitable remotely/low skill level to exploit.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities, Energy, Healthcare, Financial Services and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Europe, United States, Australia",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Windhagen, Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls, and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available in the NCCIC Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-18-079-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-079-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-079-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-079-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/"
}
],
"title": "Geutebruck IP Cameras",
"tracking": {
"current_release_date": "2018-03-20T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-079-01",
"initial_release_date": "2018-03-20T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-03-20T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-18-079-01 Geutebruck IP Cameras"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.15.1",
"product": {
"name": "Topline TopFD-2125 (part n\u00c2\u00b0 5.02820) firmware: version 3.15.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Topline TopFD-2125 (part n\u00c2\u00b0 5.02820) firmware"
},
{
"branches": [
{
"category": "product_version",
"name": "1.12.0.4",
"product": {
"name": "G-Cam/EFD-2250 (part n\u00c2\u00b0 5.02024) firmware: version 1.12.0.4",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "G-Cam/EFD-2250 (part n\u00c2\u00b0 5.02024) firmware"
}
],
"category": "vendor",
"name": "Geutebr\u00c3\u00bcck"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7532",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Unauthentication vulnerabilities have been identified, which may allow remote code execution. CVE-2018-7532 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7532"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Geutebr\u00fcck recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19, by registering for a new WebClub account, or by logging into an existing account",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.geutebrueck.com/en_EN/login.html"
},
{
"category": "mitigation",
"details": "Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-7528",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An SQL injection vulnerability has been identified, which may allow an attacker to alter stored data. CVE-2018-7528 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7528"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Geutebr\u00fcck recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19, by registering for a new WebClub account, or by logging into an existing account",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.geutebrueck.com/en_EN/login.html"
},
{
"category": "mitigation",
"details": "Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-7524",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "A cross-site request forgery vulnerability has been identified, which may allow an unauthorized user to be added to the system. CVE-2018-7524 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7524"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Geutebr\u00fcck recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19, by registering for a new WebClub account, or by logging into an existing account",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.geutebrueck.com/en_EN/login.html"
},
{
"category": "mitigation",
"details": "Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-7520",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "An improper access control vulnerability has been identified, which could allow a full configuration download, including passwords. CVE-2018-7520 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7520"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Geutebr\u00fcck recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19, by registering for a new WebClub account, or by logging into an existing account",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.geutebrueck.com/en_EN/login.html"
},
{
"category": "mitigation",
"details": "Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-7516",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "summary",
"text": "A server-side request forgery vulnerability has been identified, which could lead to proxied network scans. CVE-2018-7516 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7516"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Geutebr\u00fcck recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19, by registering for a new WebClub account, or by logging into an existing account",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.geutebrueck.com/en_EN/login.html"
},
{
"category": "mitigation",
"details": "Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-7512",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A cross-site scripting vulnerability has been identified, which may allow remote code execution. CVE-2018-7512 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7512"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Geutebr\u00fcck recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19, by registering for a new WebClub account, or by logging into an existing account",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.geutebrueck.com/en_EN/login.html"
},
{
"category": "mitigation",
"details": "Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
VAR-201803-2221
Vulnerability from variot - Updated: 2024-11-23 21:53Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:geutebruck:g-cam%2fefd-2250_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:geutebruck:topfd-2125_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7532",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06019",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137564",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7532",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7532",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7532",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137564",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7532",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6FB10-39AB-11E9-8292-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137564",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"id": "VAR-201803-2221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 1.7456349166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
]
},
"last_update_date": "2024-11-23T21:53:17.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_EN.html"
},
{
"title": "Patch for Geutebruck IPCameras Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/122847"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 1.7,
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7532"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"date": "2018-03-22T18:29:01.137000",
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
},
{
"date": "2024-11-21T04:12:18.600000",
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…