CVE-2019-10957
Published 2020-01-17
CVE-2019-10957: Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated…
Priority P4 · 22 · medium · 4.8 CVSS 3.1
AV:N · AC:L · PR:H · UI:R · S:C · C:L · I:L · A:N
EPSS: 0.94% (56.3th percentile)
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geutebrueck | g-cam_ebc-2110_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_ebc-2111_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_efd-2240_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_efd-2241_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_efd-2250_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_ethc-2230_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_ethc-2239_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_ethc-2240_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_ethc-2249_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-cam_ewpc-2270_firmware | <= 1.12.0.25 | — |
| geutebrueck | g-code_eec-2400_firmware | <= 1.12.0.25 | — |
CVSS provenance
nvd · v3.1 · 4.8 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 3.5 · LOW · AV:N/AC:M/Au:S/C:N/I:P/A:N
CISA ICS
Geutebrück G-Cam and G-Code
cisa_ics·2019-06-04·CVSS 7.2
[HIGH] Geutebrück G-Cam and G-Code
ICS Advisory
## Geutebrück G-Cam and G-Code
Last Revised: June 04, 2019
Alert Code: ICSA-19-155-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.2
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Geutebrück
- Equipment: G-Cam and G-Code
- Vulnerabilities: Cross-site Scripting, OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Geutebruck reports that the vulnerabilities affect the
GHSA
GHSA-wfh9-fxc6-p4h7: Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1
ghsa_unreviewed·2022-05-24
CVE-2019-10957 [LOW] CWE-79 GHSA-wfh9-fxc6-p4h7: Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-01-17