CVE-2021-33543
Published 2021-09-13
Priority P183 · critical · CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 82.07% (99.6th percentile)
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
Affected
66 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | — | — |
| geutebr_ck | e2_series | EBC-21xx – 1.12.0.27 | — |
| geutebr_ck | e2_series | EFD-22xx – 1.12.0.27 | — |
| geutebr_ck | e2_series | ETHC-22xx – 1.12.0.27 | — |
| geutebr_ck | e2_series | EWPC-22xx – 1.12.0.27 | — |
| geutebr_ck | encoder_g-code | — | — |
| geutebr_ck | encoder_g-code | — | — |
| geutebr_ck | encoder_g-code | — | — |
| geutebr_ck | encoder_g-code | — | — |
| geutebr_ck | encoder_g-code | EEC-2xx – 1.12.0.27 | — |
| geutebr_ck | encoder_g-code | EEN-20xx – 1.12.0.27 | — |
| geutebrueck | g-cam_ebc-2110_firmware | <= 1.12.0.27 | — |
| geutebrueck | g-cam_ebc-2110_firmware | — | — |
| geutebrueck | g-cam_ebc-2110_firmware | — | — |
| geutebrueck | g-cam_ebc-2111_firmware | <= 1.12.0.27 | — |
| geutebrueck | g-cam_ebc-2111_firmware | — | — |
| geutebrueck | g-cam_ebc-2111_firmware | — | — |
| geutebrueck | g-cam_ebc-2112_firmware | <= 1.12.0.27 | — |
Detection & IOCs
path: /uapi-cgi/
snort
alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Outbound (CVE-2021-33543)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/uapi-cgi/"; fast_pattern; pcre:"/^.{1,50}\/uapi-cgi\//Ui"; content:".cgi"; endswith; reference:url,www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/; reference:cve,2021-33543; classtype:attempted-admin; sid:2033308; rev:1; metadata:created_at 2021_07_09, cve CVE_2021_33543, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_09;)
snort
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Inbound (CVE-2021-33543)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/uapi-cgi/"; fast_pattern; pcre:"/^.{1,50}\/uapi-cgi\//Ui"; content:".cgi"; endswith; reference:url,www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/; reference:cve,2021-33543; classtype:attempted-admin; sid:2033309; rev:1; metadata:created_at 2021_07_09, cve CVE_2021_33543, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_09;)
- Exploit attempts target HTTP GET requests to URIs matching the pattern /uapi-cgi/*.cgi; monitor for unauthenticated GET requests to any .cgi endpoint under the /uapi-cgi/ path on camera/HTTP servers.
- Both inbound (external attacker to camera) and outbound (camera to external) traffic patterns should be monitored, as the ET rules cover both directions (SIDs 2033308 and 2033309).
- The vulnerability stems from default user authentication settings allowing unauthenticated remote access to sensitive files; audit camera devices for default/no-auth configurations on the uapi-cgi interface.
- The vulnerability affects multiple vendors (UDP Technology, Geutebrück, and others) sharing the same firmware; the scope of affected devices may be broader than a single vendor's product line.
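For retrospective hunting where no IDS was in place, the conditions of the two ET rules above can be replayed over stored HTTP access logs. This is an added example, not part of the ET ruleset or the original page; the combined log format, the function names, the `PLACEHOLDER` path segment, the `example.cgi` name and the documentation-range IPs are all assumptions constructed for illustration.

```python
import re

# Conditions mirrored from the rules quoted on this page (SIDs 2033308/2033309):
#   http.method contains "GET"
#   http.uri contains "/uapi-cgi/", matches /^.{1,50}\/uapi-cgi\//i, ends with ".cgi"
URI_PCRE = re.compile(r"^.{1,50}/uapi-cgi/", re.IGNORECASE)

# Assumed input: combined-format access log lines (e.g. from a proxy in front of cameras).
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def rule_matches(method, uri):
    """Return True when a request satisfies every condition of the ET rules."""
    return (
        "GET" in method
        and "/uapi-cgi/" in uri
        and URI_PCRE.match(uri) is not None
        and uri.endswith(".cgi")
    )

def scan(lines):
    """Return (source, timestamp, uri, status) for each log line the rule would flag."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and rule_matches(m["method"], m["uri"]):
            hits.append((m["src"], m["ts"], m["uri"], int(m["status"])))
    return hits

# Constructed sample log; path segment and CGI name are placeholders, not real endpoints.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jul/2021:10:15:02 +0000] "GET /PLACEHOLDER/uapi-cgi/example.cgi HTTP/1.1" 200 512',
    '192.0.2.10 - - [09/Jul/2021:10:15:05 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [09/Jul/2021:10:15:09 +0000] "POST /PLACEHOLDER/uapi-cgi/example.cgi HTTP/1.1" 401 0',
    '203.0.113.5 - - [09/Jul/2021:10:16:11 +0000] "GET /PLACEHOLDER/uapi-cgi/readme.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, ts, uri, status in scan(SAMPLE_LOG):
        print(f"{ts} {src} {uri} -> HTTP {status}")
```

Hits that returned a 2xx status without a preceding authenticated session from the same source are the ones to triage first.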
CVSS provenance
NVD v3.1: 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
GHSA
GHSA-x79q-7f37-g9qq: Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user aut
ghsa_unreviewed·2022-05-24
CVE-2021-33543 [HIGH] CWE-306 GHSA-x79q-7f37-g9qq: Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user aut
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings.
CISA ICS
Geutebrück G-Cam E2 and G-Code
cisa_ics·2021-07-27·CVSS 9.8
[CRITICAL] Geutebrück G-Cam E2 and G-Code
ICS Advisory
## Geutebrück G-Cam E2 and G-Code
Last Revised: July 27, 2021
Alert Code: ICSA-21-208-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Geutebrück
- Equipment: G-Cam E2 and G-Code
- Vulnerabilities: Missing Authentication for Critical Function, Command Injection, Stack-based Buffer Overflow
## 2. RISK EVALUATION
UDP Technology supplies multiple OEMs such as Geutebrück with firmware for IP cameras. Successful exploitation of these vulnerabilities could allow unauthenticated access to sensitive i
Suricata
ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Outbound (CVE-2021-33543)
suricata·2021-07-09·CVSS 9.8
CVE-2021-33543 [CRITICAL] ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Outbound (CVE-2021-33543)
Rule: alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Outbound (CVE-2021-33543)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/uapi-cgi/"; fast_pattern; pcre:"/^.{1,50}\/uapi-cgi\//Ui"; content:".cgi"; endswith; reference:url,www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/; reference:cve,2021-33543; classtype:attempted-admin; sid:2033308; rev:1; metadata:created_at 2021_07_09, cve CVE_2021_33543, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_09;)
Suricata
ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Inbound (CVE-2021-33543)
suricata·2021-07-09·CVSS 9.8
CVE-2021-33543 [CRITICAL] ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Inbound (CVE-2021-33543)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Inbound (CVE-2021-33543)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/uapi-cgi/"; fast_pattern; pcre:"/^.{1,50}\/uapi-cgi\//Ui"; content:".cgi"; endswith; reference:url,www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/; reference:cve,2021-33543; classtype:attempted-admin; sid:2033309; rev:1; metadata:created_at 2021_07_09, cve CVE_2021_33543, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_09;)