cbcvebase.
CVE-2017-5174
published 2017-05-19

CVE-2017-5174: An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been…

PriorityP190critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
52.29%
98.8th percentile
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.

Affected

1 ranges
VendorProductVersion rangeFixed in
geutebruckip_camera_g-cam_efd-2250_firmware

Detection & IOCsextracted from sources · hover to see the quote

path/uapi-cgi/viewer/testaction.cgi
commandPOST /uapi-cgi/viewer/testaction.cgi with vars_post: type=ip&ip=eth0 1.1.1.1;<payload>
  • Monitor for unauthenticated POST requests to /uapi-cgi/viewer/testaction.cgi with the 'ip' parameter containing semicolons or shell metacharacters, indicative of OS command injection chained with the authentication bypass.
  • Look for POST body parameters 'type=ip' combined with an 'ip' field containing shell command separators (e.g., semicolons) targeting Geutebruck G-Cam/EFD-2250 devices.
  • The authentication bypass (CVE-2017-5174) leverages the existing file system architecture to circumvent access controls; alert on anonymous/unauthenticated access to CGI endpoints on Geutebruck cameras running firmware version 1.11.0.12.
  • ·The exploit targets a specific firmware version; detections should be scoped to Geutebruck G-Cam/EFD-2250 Version 1.11.0.12 to reduce false positives.
  • ·CVE-2017-5174 (authentication bypass) is chained with CVE-2017-5173 (OS command injection) in the Metasploit module; detections for the path /uapi-cgi/viewer/testaction.cgi cover both vulnerabilities together.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.