Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by geutebruck
VAR-201812-0470
Vulnerability from variot - Updated: 2023-12-18 14:05In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\303\274ck E2CameraSeries is an E2 series webcam from Geutebr\303\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebrück GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0470",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam\\/efd-2251",
"scope": "lt",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam\\/ewpc-2275",
"scope": "lt",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2251",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-2275",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "e2 camera series",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "e2 series camera",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebr\u00fcck",
"version": "1.12"
},
{
"model": "e2 series camera",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebr\u00fcck",
"version": "1.12.0.25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2251_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2251:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/ewpc-2275_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/ewpc-2275:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "106208"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-19007",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2019-04134",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-19007",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19007",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-04134",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-657",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-19007",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\\303\\274ck E2CameraSeries is an E2 series webcam from Geutebr\\303\\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebr\u00c3\u00bcck GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19007",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-347-03",
"trust": 2.8
},
{
"db": "BID",
"id": "106208",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-04134",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-19007",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"id": "VAR-201812-0470",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
}
]
},
"last_update_date": "2023-12-18T14:05:17.281000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.guardzilla.com/"
},
{
"title": "Geutebr\\303\\274ckE2CameraSeries operating system command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/153491"
},
{
"title": "Geutebr\u00fcck E2 Camera Series Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-347-03"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/106208"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19007"
},
{
"trust": 0.3,
"url": "https://www.geutebrueck.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"date": "2018-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "BID",
"id": "106208"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"date": "2018-12-14T20:29:00.297000",
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "BID",
"id": "106208"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"date": "2019-10-09T23:37:35.553000",
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebrueck GmbH E2 Camera In the series OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
],
"trust": 0.6
}
}
VAR-201705-3255
Vulnerability from variot - Updated: 2023-12-18 12:44An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service. Attackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device. G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.1,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"model": "ip camera g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.11.0.12"
},
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 0.6,
"vendor": "geutebrueck",
"version": "1.11.0.12"
},
{
"model": "ip camera g-cam efd-2250",
"scope": "eq",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ip camera g cam efd 2250",
"version": "1.11.0.12"
}
],
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:ip_camera_g-cam_efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5173"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Florent Montel, Frederic Cikala, and Davy Douhine of RandoriSec",
"sources": [
{
"db": "BID",
"id": "96209"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5173",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5173",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01889",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-113376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5173",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5173",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-01889",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-611",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113376",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5173",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service. \nAttackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device. \nG-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113376",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41360",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5173",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-045-02",
"trust": 2.9
},
{
"db": "BID",
"id": "96209",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "41360",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01889",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263",
"trust": 0.8
},
{
"db": "IVD",
"id": "05EBD79B-F06D-41C7-986C-D7D4284611B4",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "141142",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113376",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5173",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"id": "VAR-201705-3255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
}
],
"trust": 1.725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
}
]
},
"last_update_date": "2023-12-18T12:44:37.070000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Patch for Geutebruck G-Cam/EFD-2250 Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89709"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68204"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-943",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/96209"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/41360/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5173"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5173"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02 "
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/943.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"db": "VULHUB",
"id": "VHN-113376"
},
{
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"date": "2017-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-113376"
},
{
"date": "2017-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"date": "2017-02-14T00:00:00",
"db": "BID",
"id": "96209"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"date": "2017-05-19T03:29:00.183000",
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01889"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-113376"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5173"
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96209"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004263"
},
{
"date": "2022-02-10T17:58:18.437000",
"db": "NVD",
"id": "CVE-2017-5173"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck G-Cam/EFD-2250 Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "05ebd79b-f06d-41c7-986c-d7d4284611b4"
},
{
"db": "CNVD",
"id": "CNVD-2017-01889"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-611"
}
],
"trust": 0.6
}
}
VAR-201705-3256
Vulnerability from variot - Updated: 2023-12-18 12:44An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition. G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3256",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip camera g-cam efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.1,
"vendor": "geutebruck",
"version": "1.11.0.12"
},
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 0.6,
"vendor": "geutebrueck",
"version": "1.11.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ip camera g cam efd 2250",
"version": "1.11.0.12"
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebruck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebruck:ip_camera_g-cam_efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5174"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Florent Montel, Frederic Cikala, and Davy Douhine of RandoriSec",
"sources": [
{
"db": "BID",
"id": "96209"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5174",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5174",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01888",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113377",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5174",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5174",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-01888",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-610",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113377",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5174",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition. \nG-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113377",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41360",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5174",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-045-02",
"trust": 2.9
},
{
"db": "BID",
"id": "96209",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "41360",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01888",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264",
"trust": 0.8
},
{
"db": "IVD",
"id": "409C1FE8-A44C-4075-B30D-BC6E6046C75F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113377",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5174",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"id": "VAR-201705-3256",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
}
],
"trust": 1.725
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
}
]
},
"last_update_date": "2023-12-18T12:44:37.029000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Geutebruck G-Cam/EFD-2250 authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89708"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68205"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/96209"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/41360/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5174"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5174"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-02 "
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"db": "VULHUB",
"id": "VHN-113377"
},
{
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"db": "BID",
"id": "96209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "IVD",
"id": "409c1fe8-a44c-4075-b30d-bc6e6046c75f"
},
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"date": "2017-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-113377"
},
{
"date": "2017-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"date": "2017-02-14T00:00:00",
"db": "BID",
"id": "96209"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"date": "2017-05-19T03:29:00.230000",
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01888"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113377"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5174"
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96209"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004264"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5174"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Camera G-Cam/EFD-2250 Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004264"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-610"
}
],
"trust": 0.6
}
}
VAR-202008-0367
Vulnerability from variot - Updated: 2023-12-18 12:35Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). G-Cam and G-Code To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Geutebruck GmbH is a German high-tech private company that specializes in designing and producing high-quality, perfectly matched video security solutions.
Geutebruck IP Cameras certification RCE vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2111",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ewpc-2270",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-code eec-2400",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ebc-2110",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2239",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam ethc-2240",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam ethc-2249",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.14.5"
},
{
"model": "g-cam efd-2241",
"scope": "eq",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ebc-2110",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ebc-2111",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2241",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/efd-2250",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2230",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2239",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2240",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ethc-2249",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-cam/ewpc-2270",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-code/eec-2400",
"scope": null,
"trust": 0.8,
"vendor": "geutebruck",
"version": null
},
{
"model": "g-code: eec-2xxx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam: ebc-21xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam:efd-22xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam:ethc-22xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
},
{
"model": "g-cam:ewpc-22xx version",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.27"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
],
"trust": 0.6
},
"cve": "CVE-2020-16205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-009458",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-14829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009458",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16205",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009458",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-14829",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-267",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5). G-Cam and G-Code To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Geutebruck GmbH is a German high-tech private company that specializes in designing and producing high-quality, perfectly matched video security solutions. \n\r\n\r\nGeutebruck IP Cameras certification RCE vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNVD",
"id": "CNVD-2021-14829"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16205",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-219-03",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "158888",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-14829",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2719",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"id": "VAR-202008-0367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.9500000000000001
},
"last_update_date": "2023-12-18T12:35:26.895000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/index.html"
},
{
"title": "Patch for Geutebruck IP Cameras certification RCE vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/251321"
},
{
"title": "Geutebr\u00fcck G-Cam and G-Code Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126603"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03"
},
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/158888/geutebruck-testaction.cgi-remote-command-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16205"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16205"
},
{
"trust": 0.6,
"url": "https://www.randorisec.fr/s05e01-rce-on-geutebruck-ip-cameras/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2719/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"date": "2020-11-06T05:06:27",
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"date": "2020-08-14T14:15:12.487000",
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"date": "2020-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14829"
},
{
"date": "2020-11-06T05:06:27",
"db": "JVNDB",
"id": "JVNDB-2020-009458"
},
{
"date": "2020-08-19T21:32:29.860000",
"db": "NVD",
"id": "CVE-2020-16205"
},
{
"date": "2020-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "G-Cam and G-Code In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009458"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-267"
}
],
"trust": 0.6
}
}
VAR-202001-1487
Vulnerability from variot - Updated: 2023-12-18 12:27Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.
Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2110",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2111",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2241",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2250",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2230",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2239",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2249",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2400",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-21xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ethc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/efd-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ebc-21xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-10956",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-22346",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10956",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10956",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-22346",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-10956",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-155-03",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2019-10956",
"trust": 3.4
},
{
"db": "BID",
"id": "108579",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22346",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-10956",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"id": "VAR-202001-1487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
}
],
"trust": 1.5125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
}
]
},
"last_update_date": "2023-12-18T12:27:45.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/"
},
{
"title": "Patch for Geutebr\u00fcck G-Cam and G-Code OS command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213553"
},
{
"title": "Multiple Geutebr\u00fcck Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93177"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10956"
},
{
"trust": 0.9,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10956"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108579"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"date": "2020-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"date": "2020-01-17T18:15:12.040000",
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22346"
},
{
"date": "2020-01-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10956"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014194"
},
{
"date": "2020-01-24T22:10:30.303000",
"db": "NVD",
"id": "CVE-2019-10956"
},
{
"date": "2020-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Camera G-Code and G-Cam In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-088"
}
],
"trust": 0.6
}
}
VAR-202001-1489
Vulnerability from variot - Updated: 2023-12-18 12:27Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.
Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2110",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2111",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2241",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2250",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2230",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2239",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2249",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2400",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-21xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ethc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/efd-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ebc-21xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10958",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-10958",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-22345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10958",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10958",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-22345",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-087",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-155-03",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2019-10958",
"trust": 3.3
},
{
"db": "BID",
"id": "108579",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22345",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"id": "VAR-202001-1489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
}
],
"trust": 1.5125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
}
]
},
"last_update_date": "2023-12-18T12:27:45.146000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/"
},
{
"title": "Patch for Geutebr\u00fcck G-Cam and G-Code OS command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213555"
},
{
"title": "Multiple Geutebr\u00fcck Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93176"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
},
{
"trust": 1.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10958"
},
{
"trust": 0.9,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10958"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108579"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"date": "2020-01-17T18:15:12.260000",
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22345"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014196"
},
{
"date": "2020-01-24T22:16:45.353000",
"db": "NVD",
"id": "CVE-2019-10958"
},
{
"date": "2020-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Camera G-Code and G-Cam In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014196"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-087"
}
],
"trust": 0.6
}
}
VAR-202001-1488
Vulnerability from variot - Updated: 2023-12-18 12:27Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser. Geutebruck IP Camera G-Code and G-Cam Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.
Geutebrück G-Cam and G-Code have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. Geutebruck G-Cam and G-Code are prone to an HTML-injection vulnerability and multiple OS command-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam ebc-2111",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2241",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ebc-2110",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2250",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2249",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ewpc-2270",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2230",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam ethc-2239",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-code eec-2400",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam efd-2240",
"scope": "lte",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2110",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-2111",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2241",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2250",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2230",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2239",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2240",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-2249",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2400",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code",
"scope": "lte",
"trust": 0.6,
"vendor": "geutebruck",
"version": "\u003c=1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ethc-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-22xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ebc-21xx",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "g-code/eec-2xxx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ewpc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ethc-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/efd-22xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
},
{
"model": "g-cam/ebc-21xx",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.13.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec., and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10957",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10957",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-22347",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-10957",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10957",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-22347",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-090",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-10957",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser. Geutebruck IP Camera G-Code and G-Cam Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code. Geutebruck G-Cam and G-Code are prone to an HTML-injection vulnerability and multiple OS command-injection vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-155-03",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2019-10957",
"trust": 3.4
},
{
"db": "BID",
"id": "108579",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22347",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-10957",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"id": "VAR-202001-1488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
}
],
"trust": 1.5125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
}
]
},
"last_update_date": "2023-12-18T12:27:45.112000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/"
},
{
"title": "Patch for Geutebr\u00fcck G-Cam and G-Code cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213551"
},
{
"title": "Multiple Geutebr\u00fcck Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93179"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10957"
},
{
"trust": 0.9,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10957"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108579"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162091"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"db": "BID",
"id": "108579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"date": "2020-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"date": "2020-01-17T18:15:12.180000",
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22347"
},
{
"date": "2020-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10957"
},
{
"date": "2019-06-05T00:00:00",
"db": "BID",
"id": "108579"
},
{
"date": "2020-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014195"
},
{
"date": "2023-02-01T16:27:37.857000",
"db": "NVD",
"id": "CVE-2019-10957"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Camera G-Code and G-Cam Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014195"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-090"
}
],
"trust": 0.6
}
}
VAR-201803-2216
Vulnerability from variot - Updated: 2023-12-18 12:18A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7524",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06021",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-137556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7524",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7524",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-06021",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-763",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137556",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137556"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7524",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-06021",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E8F6E1-39AB-11E9-AC0F-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137556",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"id": "VAR-201803-2216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
}
]
},
"last_update_date": "2023-12-18T12:18:58.558000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "GeutebruckIPCameras cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122843"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79349"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7524"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7524"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"db": "VULHUB",
"id": "VHN-137556"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137556"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"date": "2018-03-22T18:29:01.027000",
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06021"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137556"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003344"
},
{
"date": "2019-10-09T23:42:23.003000",
"db": "NVD",
"id": "CVE-2018-7524"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e8f6e1-39ab-11e9-ac0f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-763"
}
],
"trust": 0.6
}
}
VAR-201803-2221
Vulnerability from variot - Updated: 2023-12-18 12:18Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7532",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06019",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137564",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7532",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7532",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137564",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7532",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6FB10-39AB-11E9-8292-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137564",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"id": "VAR-201803-2221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
]
},
"last_update_date": "2023-12-18T12:18:58.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Patch for Geutebruck IPCameras Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122847"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79347"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 1.7,
"url": "https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7532"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"db": "VULHUB",
"id": "VHN-137564"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2018-03-22T18:29:01.137000",
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06019"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137564"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003346"
},
{
"date": "2019-10-09T23:42:23.830000",
"db": "NVD",
"id": "CVE-2018-7532"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb10-39ab-11e9-8292-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-761"
}
],
"trust": 0.6
}
}
VAR-201803-2210
Vulnerability from variot - Updated: 2023-12-18 12:18A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company. An attacker could exploit this vulnerability to scan proxy networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7516",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7516",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06022",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137548",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7516",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7516",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-06022",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-765",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137548",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company. An attacker could exploit this vulnerability to scan proxy networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137548"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7516",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E7221E-39AB-11E9-A995-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137548",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"id": "VAR-201803-2210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
}
]
},
"last_update_date": "2023-12-18T12:18:58.474000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Patch for Geutebruck IPCameras Cross-Site Request Forgery Vulnerability (CNVD-2018-06022)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122841"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7516"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7516"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"db": "VULHUB",
"id": "VHN-137548"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137548"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"date": "2018-03-22T18:29:00.900000",
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06022"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137548"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003342"
},
{
"date": "2019-10-09T23:42:22.080000",
"db": "NVD",
"id": "CVE-2018-7516"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Server-side request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e7221e-39ab-11e9-a995-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-765"
}
],
"trust": 0.8
}
}
VAR-201803-2218
Vulnerability from variot - Updated: 2023-12-18 12:18An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7528",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06024",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e94500-39ab-11e9-a236-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137560",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7528",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7528",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-06024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-762",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137560",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137560"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7528",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-06024",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E94500-39AB-11E9-A236-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137560",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"id": "VAR-201803-2218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
}
]
},
"last_update_date": "2023-12-18T12:18:58.437000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "GeutebruckIPCamerasSQL injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122849"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79348"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7528"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7528"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"db": "VULHUB",
"id": "VHN-137560"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137560"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"date": "2018-03-22T18:29:01.087000",
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06024"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137560"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003345"
},
{
"date": "2019-10-09T23:42:23.377000",
"db": "NVD",
"id": "CVE-2018-7528"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e2e94500-39ab-11e9-a236-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-762"
}
],
"trust": 0.8
}
}
VAR-201803-2207
Vulnerability from variot - Updated: 2023-12-18 12:18A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06023",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-137544",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7512",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7512",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-06023",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-766",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137544",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137544"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7512",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06023",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E6FB0F-39AB-11E9-B666-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137544",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"id": "VAR-201803-2207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
}
]
},
"last_update_date": "2023-12-18T12:18:58.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "Patch for Geutebruck IPCameras Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122839"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7512"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7512"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"db": "VULHUB",
"id": "VHN-137544"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137544"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"date": "2018-03-22T18:29:00.837000",
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06023"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-137544"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003341"
},
{
"date": "2019-10-09T23:42:21.267000",
"db": "NVD",
"id": "CVE-2018-7512"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e6fb0f-39ab-11e9-b666-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06023"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-766"
}
],
"trust": 0.6
}
}
VAR-201803-2213
Vulnerability from variot - Updated: 2023-12-18 12:18An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2213",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam/efd-2250",
"scope": "eq",
"trust": 1.7,
"vendor": "geutebruck",
"version": "1.12.0.4"
},
{
"model": "g-cam\\/efd-2250",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "1.12.0.4"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 1.6,
"vendor": "geutebrueck",
"version": "3.15.1"
},
{
"model": "topline topfd-2125",
"scope": "eq",
"trust": 0.9,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "topfd-2125",
"scope": "eq",
"trust": 0.8,
"vendor": "geutebruck",
"version": "3.15.1"
},
{
"model": "g-cam/efd-2250",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebruck",
"version": "1.12.0.19"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "g cam efd 2250",
"version": "1.12.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "topfd 2125",
"version": "3.15.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2250_firmware:1.12.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:topfd-2125_firmware:3.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:topfd-2125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.",
"sources": [
{
"db": "BID",
"id": "103474"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7520",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06020",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137552",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7520",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7520",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-06020",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-764",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137552",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A SQL-injection vulnerability\n3. A cross-site request-forgery vulnerability\n4. An access-bypass vulnerability\n5. A security-bypass vulnerability\n6. A cross-site scripting vulnerability\nAttackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. \nThe following devices are vulnerable:\nGeutebruck G-Cam/EFD-2250 version 1.12.0.4\nGeutebruck Topline TopFD-2125 version 3.15.1. Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebr\u00fcck company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137552"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-137552",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137552"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7520",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-079-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103474",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06020",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E8F6E2-39AB-11E9-B0E9-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148380",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-137552",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"id": "VAR-201803-2213",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
}
],
"trust": 1.7595238
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
}
]
},
"last_update_date": "2023-12-18T12:18:58.361000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geutebrueck.com/en_en.html"
},
{
"title": "GeutebruckIPCameras patch for incorrect access control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122845"
},
{
"title": "Geutebr\u00fcck G-Cam/EFD-2250 and Topline TopFD-2125 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79350"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-079-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7520"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7520"
},
{
"trust": 0.3,
"url": "http://www.geutebrueck.com/en_en/product-overview-31934.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"db": "VULHUB",
"id": "VHN-137552"
},
{
"db": "BID",
"id": "103474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-137552"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"date": "2018-03-22T18:29:00.963000",
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06020"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-137552"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103474"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003343"
},
{
"date": "2020-10-02T14:53:05.433000",
"db": "NVD",
"id": "CVE-2018-7520"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebruck IP Cameras Incorrect access control vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e8f6e2-39ab-11e9-b0e9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06020"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-764"
}
],
"trust": 0.6
}
}