VAR-201812-0470
Vulnerability from variot - Updated: 2023-12-18 14:05In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\303\274ck E2CameraSeries is an E2 series webcam from Geutebr\303\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebrück GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0470",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "g-cam\\/efd-2251",
"scope": "lt",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam\\/ewpc-2275",
"scope": "lt",
"trust": 1.0,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/efd-2251",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "g-cam/ewpc-2275",
"scope": "lt",
"trust": 0.8,
"vendor": "geutebrueck",
"version": "1.12.0.25"
},
{
"model": "e2 camera series",
"scope": "lt",
"trust": 0.6,
"vendor": "geutebruck",
"version": "1.12.0.25"
},
{
"model": "e2 series camera",
"scope": "eq",
"trust": 0.3,
"vendor": "geutebr\u00fcck",
"version": "1.12"
},
{
"model": "e2 series camera",
"scope": "ne",
"trust": 0.3,
"vendor": "geutebr\u00fcck",
"version": "1.12.0.25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/efd-2251_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/efd-2251:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam\\/ewpc-2275_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.12.0.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam\\/ewpc-2275:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "106208"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-19007",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2019-04134",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-19007",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19007",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-04134",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-657",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-19007",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\\303\\274ck E2CameraSeries is an E2 series webcam from Geutebr\\303\\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebr\u00c3\u00bcck GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19007",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-347-03",
"trust": 2.8
},
{
"db": "BID",
"id": "106208",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-04134",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-19007",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"id": "VAR-201812-0470",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
}
]
},
"last_update_date": "2023-12-18T14:05:17.281000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.guardzilla.com/"
},
{
"title": "Geutebr\\303\\274ckE2CameraSeries operating system command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/153491"
},
{
"title": "Geutebr\u00fcck E2 Camera Series Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-347-03"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/106208"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19007"
},
{
"trust": 0.3,
"url": "https://www.geutebrueck.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"db": "BID",
"id": "106208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"date": "2018-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "BID",
"id": "106208"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"date": "2018-12-14T20:29:00.297000",
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04134"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19007"
},
{
"date": "2018-12-14T00:00:00",
"db": "BID",
"id": "106208"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014624"
},
{
"date": "2019-10-09T23:37:35.553000",
"db": "NVD",
"id": "CVE-2018-19007"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geutebrueck GmbH E2 Camera In the series OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014624"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-657"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…