Search criteria
6 vulnerabilities found for topfd-2125 by geutebrueck
VAR-201803-2218
Vulnerability from variot - Updated: 2023-12-18 12:18An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7528",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06024",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e94500-39ab-11e9-a236-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137560",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7528",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7528",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-06024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-762",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137560",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137560"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7528",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-06024",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E94500-39AB-11E9-A236-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137560",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"id": "VAR-201803-2218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
}
]
},
"last_update_date": "2023-12-18T12:18:58.437000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "GeutebruckIPCamerasSQL injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122849"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79348"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7528"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7528"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137560"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"date": "2018-03-22T18:29:01.087000",
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137560"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"date": "2019-10-09T23:42:23.377000",
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
],
"trust": 0.8
}
}
VAR-201803-2221
Vulnerability from variot - Updated: 2023-12-18 12:18Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7532",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06019",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137564",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7532",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7532",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137564",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7532",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6FB10-39AB-11E9-8292-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137564",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"id": "VAR-201803-2221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
]
},
"last_update_date": "2023-12-18T12:18:58.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Patch for Geutebruck IPCameras Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122847"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 1.7,
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7532"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2018-03-22T18:29:01.137000",
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2019-10-09T23:42:23.830000",
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
}
}
VAR-201803-2207
Vulnerability from variot - Updated: 2023-12-18 12:18A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06023",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-137544",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7512",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7512",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-06023",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-766",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137544",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137544"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7512",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06023",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6FB0F-39AB-11E9-B666-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137544",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"id": "VAR-201803-2207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
}
]
},
"last_update_date": "2023-12-18T12:18:58.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Patch for Geutebruck IPCameras Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122839"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7512"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7512"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137544"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"date": "2018-03-22T18:29:00.837000",
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137544"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"date": "2019-10-09T23:42:21.267000",
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
],
"trust": 0.6
}
}
VAR-201803-2216
Vulnerability from variot - Updated: 2023-12-18 12:18A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7524",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06021",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-137556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7524",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7524",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-06021",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-763",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137556",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137556"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7524",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-06021",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E8F6E1-39AB-11E9-AC0F-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137556",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"id": "VAR-201803-2216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
}
]
},
"last_update_date": "2023-12-18T12:18:58.558000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "GeutebruckIPCameras cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122843"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79349"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7524"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7524"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137556"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"date": "2018-03-22T18:29:01.027000",
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137556"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"date": "2019-10-09T23:42:23.003000",
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
],
"trust": 0.6
}
}
VAR-201803-2210
Vulnerability from variot - Updated: 2023-12-18 12:18A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company. An attacker could exploit this vulnerability to scan proxy networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7516",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7516",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06022",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137548",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7516",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7516",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-06022",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-765",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137548",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company. An attacker could exploit this vulnerability to scan proxy networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137548"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7516",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E7221E-39AB-11E9-A995-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137548",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"id": "VAR-201803-2210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
}
]
},
"last_update_date": "2023-12-18T12:18:58.474000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Patch for Geutebruck IPCameras Cross-Site Request Forgery Vulnerability (CNVD-2018-06022)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122841"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7516"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7516"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137548"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"date": "2018-03-22T18:29:00.900000",
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137548"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"date": "2019-10-09T23:42:22.080000",
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Server-side request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
],
"trust": 0.8
}
}
VAR-201803-2213
Vulnerability from variot - Updated: 2023-12-18 12:18An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2213",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7520",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06020",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137552",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7520",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7520",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-06020",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-764",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137552",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137552"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-137552",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137552"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7520",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06020",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E8F6E2-39AB-11E9-B0E9-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148380",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-137552",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"id": "VAR-201803-2213",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
}
]
},
"last_update_date": "2023-12-18T12:18:58.361000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "GeutebruckIPCameras patch for incorrect access control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122845"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79350"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7520"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7520"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137552"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"date": "2018-03-22T18:29:00.963000",
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-137552"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"date": "2020-10-02T14:53:05.433000",
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Incorrect access control vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
],
"trust": 0.6
}
}