Search criteria
24 vulnerabilities found for Encoder G-Code by Geutebrück
CVE-2021-33554 (GCVE-0-2021-33554)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 03:08
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in appfile.filename parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33554",
"datePublished": "2021-09-13T17:55:49.767891Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T03:08:06.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33553 (GCVE-0-2021-33553)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 20:17
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in command parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33553",
"datePublished": "2021-09-13T17:55:48.174522Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T20:17:28.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33552 (GCVE-0-2021-33552)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:50
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33552",
"datePublished": "2021-09-13T17:55:46.549577Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:50:35.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33551 (GCVE-0-2021-33551)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 18:13
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in environment.lang parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33551",
"datePublished": "2021-09-13T17:55:44.932289Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T18:13:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33550 (GCVE-0-2021-33550)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:11
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33550",
"datePublished": "2021-09-13T17:55:43.372471Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:11:15.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33549 (GCVE-0-2021-33549)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 00:00
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T21:06:48",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:01.000Z",
"ID": "CVE-2021-33549",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"name": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33549",
"datePublished": "2021-09-13T17:55:41.804280Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T00:00:56.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33548 (GCVE-0-2021-33548)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 19:41
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in preserve parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33548",
"datePublished": "2021-09-13T17:55:40.187378Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T19:41:35.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33547 (GCVE-0-2021-33547)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 02:47
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33547",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33547",
"datePublished": "2021-09-13T17:55:38.601837Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T02:47:47.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33546 (GCVE-0-2021-33546)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 04:24
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:36",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33546",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33546",
"datePublished": "2021-09-13T17:55:36.920572Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T04:24:10.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33545 (GCVE-0-2021-33545)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:55
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:35",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33545",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33545",
"datePublished": "2021-09-13T17:55:35.310478Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:55:45.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33544 (GCVE-0-2021-33544)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-09-16 17:03
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33544",
"datePublished": "2021-09-13T17:55:33.770594Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T17:03:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33543 (GCVE-0-2021-33543)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:55 – Updated: 2024-08-03 23:50
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:30:17",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2021-33543",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33543",
"datePublished": "2021-09-13T17:55:32",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33554 (GCVE-0-2021-33554)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 03:08
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in appfile.filename parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33554",
"datePublished": "2021-09-13T17:55:49.767891Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T03:08:06.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33553 (GCVE-0-2021-33553)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 20:17
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in command parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33553",
"datePublished": "2021-09-13T17:55:48.174522Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T20:17:28.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33552 (GCVE-0-2021-33552)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:50
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33552",
"datePublished": "2021-09-13T17:55:46.549577Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:50:35.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33551 (GCVE-0-2021-33551)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 18:13
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in environment.lang parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33551",
"datePublished": "2021-09-13T17:55:44.932289Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T18:13:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33550 (GCVE-0-2021-33550)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:11
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33550",
"datePublished": "2021-09-13T17:55:43.372471Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:11:15.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33549 (GCVE-0-2021-33549)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 00:00
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T21:06:48",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:01.000Z",
"ID": "CVE-2021-33549",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"name": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33549",
"datePublished": "2021-09-13T17:55:41.804280Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T00:00:56.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33548 (GCVE-0-2021-33548)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 19:41
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in preserve parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33548",
"datePublished": "2021-09-13T17:55:40.187378Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T19:41:35.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33547 (GCVE-0-2021-33547)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 02:47
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33547",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33547",
"datePublished": "2021-09-13T17:55:38.601837Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T02:47:47.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33546 (GCVE-0-2021-33546)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 04:24
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:36",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33546",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33546",
"datePublished": "2021-09-13T17:55:36.920572Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T04:24:10.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33545 (GCVE-0-2021-33545)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-17 01:55
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:35",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33545",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33545",
"datePublished": "2021-09-13T17:55:35.310478Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:55:45.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33544 (GCVE-0-2021-33544)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-09-16 17:03
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33544",
"datePublished": "2021-09-13T17:55:33.770594Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T17:03:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33543 (GCVE-0-2021-33543)
Vulnerability from nvd – Published: 2021-09-13 17:55 – Updated: 2024-08-03 23:50
VLAI?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Geutebrück | E2 Series |
Affected:
EBC-21xx 1.12.13.2
Affected: EBC-21xx 1.12.14.5 Affected: EFD-22xx 1.12.13.2 Affected: EFD-22xx 1.12.14.5 Affected: ETHC-22xx 1.12.13.2 Affected: ETHC-22xx 1.12.14.5 Affected: EWPC-22xx 1.12.13.2 Affected: EWPC-22xx 1.12.14.5 Affected: EBC-21xx , ≤ 1.12.0.27 (custom) Affected: EFD-22xx , ≤ 1.12.0.27 (custom) Affected: ETHC-22xx , ≤ 1.12.0.27 (custom) Affected: EWPC-22xx , ≤ 1.12.0.27 (custom) |
|||||||
|
|||||||||
Credits
Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:30:17",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2021-33543",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33543",
"datePublished": "2021-09-13T17:55:32",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}