Server-side request forgery in Geutebrück Topline TopFD-2125 and Geutebrück G-Cam

#VU11199 Server-side request forgery in Geutebrück Topline TopFD-2125 and Geutebrück G-Cam

Published: 2018-03-21

Vulnerability identifier: #VU11199

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7516

CWE-ID: CWE-918

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Geutebrück Topline TopFD-2125
Hardware solutions / Office equipment, IP-phones, print servers
Geutebrück G-Cam
Hardware solutions / Firmware

Vendor: GEUTEBRÜCK GmbH

Description
The vulnerability allows a remote attacker to perform SSRF-attack on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can perform server-side request forgery attack.

Mitigation
Update to version 1.12.0.19.

Vulnerable software versions

Geutebrück Topline TopFD-2125: 3.15.1

Geutebrück G-Cam: 1.12.0.4

External links
http://www.geutebrueck.com/en_EN/login.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Geutebruck IP Cameras