CVE-2020-16205
published 2020-08-14

CVE-2020-16205: Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior…

Priority: P2 67 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 60.44% (99.0th percentile)
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

Affected

33 ranges · showing 25
Vendor       Product                          Version range  Fixed in
geutebrueck  g-cam_ebc-2110_firmware
geutebrueck  g-cam_ebc-2110_firmware
geutebrueck  g-cam_ebc-2110_firmware
geutebrueck  g-cam_ebc-2111_firmware
geutebrueck  g-cam_ebc-2111_firmware
geutebrueck  g-cam_ebc-2111_firmware
geutebrueck  g-cam_efd-2240_firmware
geutebrueck  g-cam_efd-2240_firmware
geutebrueck  g-cam_efd-2240_firmware
geutebrueck  g-cam_efd-2241_firmware
geutebrueck  g-cam_efd-2241_firmware
geutebrueck  g-cam_efd-2241_firmware
geutebrueck  g-cam_efd-2250_firmware
geutebrueck  g-cam_efd-2250_firmware
geutebrueck  g-cam_efd-2250_firmware
geutebrueck  g-cam_ethc-2230_firmware
geutebrueck  g-cam_ethc-2230_firmware
geutebrueck  g-cam_ethc-2230_firmware
geutebrueck  g-cam_ethc-2239_firmware
geutebrueck  g-cam_ethc-2239_firmware
geutebrueck  g-cam_ethc-2239_firmware
geutebrueck  g-cam_ethc-2240_firmware
geutebrueck  g-cam_ethc-2240_firmware
geutebrueck  g-cam_ethc-2240_firmware
geutebrueck  g-cam_ethc-2249_firmware

Detection & IOCs (extracted from sources)

url: /uapi-cgi/testaction.cgi
path: /uapi-cgi/testaction.cgi
  • Exploitation results in remote code execution as root; alert on unexpected outbound connections or process spawning from the web server process on Geutebruck G-Cam/G-Code devices running firmware versions 1.12.0.25 and prior, or the limited versions 1.12.13.2 and 1.12.14.5.
  • Public exploits are available (Metasploit module: exploits/linux/http/geutebruck_testaction_exec); prioritize detection and patching for internet-exposed Geutebruck devices.
  • Exploitation requires authentication (remote authenticated user), and the privilege level required is 'high' per CVSS (PR:H), so valid credentials are needed before the injection can be triggered.
  • Affected firmware versions are 1.12.0.25 and prior, as well as the limited versions 1.12.13.2 and 1.12.14.5; devices on other firmware versions are not confirmed vulnerable.

CVSS provenance

nvd · v3.1 · 7.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.0 CRITICAL · AV:N/AC:L/Au:S/C:C/I:C/A:C