Main Vulnerability Database Vulnerabilities #VU16536

OS command injection in Geutebrück E2 Series IP Cameras - CVE-2018-19007

Published: December 13, 2018 / Updated: December 14, 2018

Vulnerability identifier: #VU16536

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-19007

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GEUTEBRÜCK GmbH

Affected software:
Geutebrück E2 Series IP Cameras

Detailed vulnerability description

The vulnerability allows a remote high-privileged attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to OS system command injection in the DDNS configuration (in the Network Configuration panel). A remote attacker can supply a specially crafted input to inject and execute arbitrary shell commands with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-19007

Update to version 1.12.0.25.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03

OS command injection in Geutebrück E2 Series IP Cameras - CVE-2018-19007

Detailed vulnerability description

How to mitigate CVE-2018-19007

Sources

Please verify you're human