cbcvebase.
CVE-2021-33543
published 2021-09-13

CVE-2021-33543: Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user…

Priority P183 · critical · 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS 82.07% · 99.6th percentile
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.

Affected

66 ranges · showing 25
Vendor | Product | Version range | Fixed in
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | - | -
geutebr_ck | e2_series | EBC-21xx – 1.12.0.27 | -
geutebr_ck | e2_series | EFD-22xx – 1.12.0.27 | -
geutebr_ck | e2_series | ETHC-22xx – 1.12.0.27 | -
geutebr_ck | e2_series | EWPC-22xx – 1.12.0.27 | -
geutebr_ck | encoder_g-code | - | -
geutebr_ck | encoder_g-code | - | -
geutebr_ck | encoder_g-code | - | -
geutebr_ck | encoder_g-code | - | -
geutebr_ck | encoder_g-code | EEC-2xx – 1.12.0.27 | -
geutebr_ck | encoder_g-code | EEN-20xx – 1.12.0.27 | -
geutebrueck | g-cam_ebc-2110_firmware | <= 1.12.0.27 | -
geutebrueck | g-cam_ebc-2110_firmware | - | -
geutebrueck | g-cam_ebc-2110_firmware | - | -
geutebrueck | g-cam_ebc-2111_firmware | <= 1.12.0.27 | -
geutebrueck | g-cam_ebc-2111_firmware | - | -
geutebrueck | g-cam_ebc-2111_firmware | - | -
geutebrueck | g-cam_ebc-2112_firmware | <= 1.12.0.27 | -

Detection & IOCs

path: /uapi-cgi/
snort
alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Outbound (CVE-2021-33543)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/uapi-cgi/"; fast_pattern; pcre:"/^.{1,50}\/uapi-cgi\//Ui"; content:".cgi"; endswith; reference:url,www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/; reference:cve,2021-33543; classtype:attempted-admin; sid:2033308; rev:1; metadata:created_at 2021_07_09, cve CVE_2021_33543, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_09;)
snort
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Inbound (CVE-2021-33543)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/uapi-cgi/"; fast_pattern; pcre:"/^.{1,50}\/uapi-cgi\//Ui"; content:".cgi"; endswith; reference:url,www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/; reference:cve,2021-33543; classtype:attempted-admin; sid:2033309; rev:1; metadata:created_at 2021_07_09, cve CVE_2021_33543, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_09;)
  • Exploit attempts target HTTP GET requests to URIs matching the pattern /uapi-cgi/*.cgi — monitor for unauthenticated GET requests to any .cgi endpoint under the /uapi-cgi/ path on camera/HTTP servers.
  • Both inbound (external attacker to camera) and outbound (camera to external) traffic patterns should be monitored, as the ET rules cover both directions (SIDs 2033308 and 2033309).
  • The vulnerability stems from default user authentication settings allowing unauthenticated remote access to sensitive files — audit camera devices for default/no-auth configurations on the uapi-cgi interface.
  • The vulnerability affects multiple vendors (UDP Technology, Geutebrück, and others) sharing the same firmware; scope of affected devices may be broader than a single vendor's product line.
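
Added example (not part of the original page, and not Proofpoint's code): a Python log check that applies the URI conditions of the two ET rules above, plus the broader /uapi-cgi/*.cgi pattern from the list, to web or proxy access logs. The log format, the function names and the sample lines (documentation addresses, placeholder paths) are assumptions constructed for illustration.

```python
import re

# Common Log Format (assumed): host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Same expression as the pcre option in SIDs 2033308 and 2033309
ET_PCRE = re.compile(r"^.{1,50}/uapi-cgi/", re.I)

def classify(method, target):
    """Return 'et-rule', 'uapi-cgi' or None for one logged request."""
    if method != "GET":
        return None
    # All URI conditions of the ET signatures: content, pcre and endswith
    if "/uapi-cgi/" in target and ET_PCRE.search(target) and target.endswith(".cgi"):
        return "et-rule"
    # Broader check from the list above: any .cgi under /uapi-cgi/, query ignored
    path = target.split("?", 1)[0]
    if "/uapi-cgi/" in path and path.endswith(".cgi"):
        return "uapi-cgi"
    return None

def scan(lines):
    """Return (source, target, status, verdict, unauthenticated) per hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        src, user, method, target, status = m.groups()
        verdict = classify(method, target)
        if verdict:
            # user field "-" means the server logged no authenticated user
            hits.append((src, target, int(status), verdict, user == "-"))
    return hits

# Constructed sample lines; hosts, users and paths are placeholders
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jul/2021:10:00:00 +0000] "GET /prefix/uapi-cgi/example.cgi HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/Jul/2021:10:00:05 +0000] "GET /uapi-cgi/example.cgi?action=list HTTP/1.1" 401 0',
    '192.0.2.10 - operator [09/Jul/2021:10:01:00 +0000] "GET /uapi-cgi/example.cgi HTTP/1.1" 200 512',
    '192.0.2.10 - - [09/Jul/2021:10:02:00 +0000] "POST /prefix/uapi-cgi/example.cgi HTTP/1.1" 200 10',
    '192.0.2.11 - - [09/Jul/2021:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits with the unauthenticated flag set and a 200 status are the ones to triage first.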

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P