Two vulnerabilities in Geutebrück G-Cam/EFD-2250 IP camera
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-5173 CVE-2017-5174 |
| CWE-ID | CWE-78 CWE-287 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Geutebrück G-Cam Hardware solutions / Firmware |
| Vendor | GEUTEBRÜCK GmbH |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) OS command injection
EUVDB-ID: #VU5827
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-5173
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands.
The vulnerability exists due to insufficient sanitization of user-supplied input within IP camera web interface in "/uapi-cgi/viewer/testaction.cgi" script. A remote unauthenticated attacker can send specially crafted HTTP POST request to vulnerable scripts and execute arbitrary OS commands on vulnerable device.
MitigationInstall update from vendor's website.
Geutebrück G-Cam: 1.11.0.12
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/ICSA-17-045-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Authentication bypass
EUVDB-ID: #VU5826
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-5174
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to incorrectly imposed access controls in IP camera web interface. A remote unauthenticated attacker can request certain URLs directly, bypass authentication process and gain unauthorized access to IP camera functionality.
MitigationInstall updates from vendor's website.
Geutebrück G-Cam: 1.11.0.12
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/ICSA-17-045-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
