CVE-2020-16205
Published: 2020-08-14
Priority: P267 · high · 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 60.44% (99.0th percentile)
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
Affected
33 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geutebrueck | g-cam_ebc-2110_firmware | — | — |
| geutebrueck | g-cam_ebc-2110_firmware | — | — |
| geutebrueck | g-cam_ebc-2110_firmware | — | — |
| geutebrueck | g-cam_ebc-2111_firmware | — | — |
| geutebrueck | g-cam_ebc-2111_firmware | — | — |
| geutebrueck | g-cam_ebc-2111_firmware | — | — |
| geutebrueck | g-cam_efd-2240_firmware | — | — |
| geutebrueck | g-cam_efd-2240_firmware | — | — |
| geutebrueck | g-cam_efd-2240_firmware | — | — |
| geutebrueck | g-cam_efd-2241_firmware | — | — |
| geutebrueck | g-cam_efd-2241_firmware | — | — |
| geutebrueck | g-cam_efd-2241_firmware | — | — |
| geutebrueck | g-cam_efd-2250_firmware | — | — |
| geutebrueck | g-cam_efd-2250_firmware | — | — |
| geutebrueck | g-cam_efd-2250_firmware | — | — |
| geutebrueck | g-cam_ethc-2230_firmware | — | — |
| geutebrueck | g-cam_ethc-2230_firmware | — | — |
| geutebrueck | g-cam_ethc-2230_firmware | — | — |
| geutebrueck | g-cam_ethc-2239_firmware | — | — |
| geutebrueck | g-cam_ethc-2239_firmware | — | — |
| geutebrueck | g-cam_ethc-2239_firmware | — | — |
| geutebrueck | g-cam_ethc-2240_firmware | — | — |
| geutebrueck | g-cam_ethc-2240_firmware | — | — |
| geutebrueck | g-cam_ethc-2240_firmware | — | — |
| geutebrueck | g-cam_ethc-2249_firmware | — | — |
Detection & IOCs (extracted from sources)
- Exploitation results in remote code execution as root; alert on unexpected outbound connections or process spawning from the web server process on Geutebruck G-Cam/G-Code devices running firmware 1.12.0.25 and prior, or the limited versions 1.12.13.2 and 1.12.14.5.
- Public exploits are available (Metasploit module: exploits/linux/http/geutebruck_testaction_exec); prioritize detection and patching for internet-exposed Geutebruck devices.
- Exploitation requires authentication (remote authenticated user); the privilege level required is 'high' per CVSS (PR:H), meaning valid credentials are needed before the injection can be triggered.
- Affected firmware versions are 1.12.0.25 and prior as well as the limited versions 1.12.13.2 and 1.12.14.5; devices on other firmware versions are not confirmed vulnerable.
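CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |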
CISA ICS
[HIGH] Geutebrück G-Cam and G-Code
cisa_ics · 2020-08-06 · CVSS 7.2
ICS Advisory
Last Revised: August 06, 2020
Alert Code: ICSA-20-219-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.2
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
- Vendor: Geutebrück
- Equipment: G-Cam and G-Code
- Vulnerability: OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote code execution as root.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Geutebruck reports the vulnerability affects firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.
GHSA
CVE-2020-16205 [HIGH] GHSA-rmpj-q623-hh55
ghsa_unreviewed · 2022-05-24
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
No detection rules found.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html
- https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03
Published: 2020-08-14