Sign-up

ID

VAR-201803-2207


CVE

CVE-2018-7512


TITLE

Geutebruck IP Cameras Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1 // CNVD: CNVD-2018-06023

DESCRIPTION

A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company

Trust: 2.7

sources: NVD: CVE-2018-7512 // JVNDB: JVNDB-2018-003341 // CNVD: CNVD-2018-06023 // BID: 103474 // IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1 // VULHUB: VHN-137544

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1 // CNVD: CNVD-2018-06023

AFFECTED PRODUCTS

vendor:geutebruckmodel:g-cam/efd-2250scope:eqversion:1.12.0.4

Trust: 1.7

vendor:geutebrueckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 1.6

vendor:geutebrueckmodel:g-cam\/efd-2250scope:eqversion:1.12.0.4

Trust: 1.6

vendor:geutebruckmodel:topline topfd-2125scope:eqversion:3.15.1

Trust: 0.9

vendor:geutebruckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2250scope:neversion:1.12.0.19

Trust: 0.3

vendor:g cam efd 2250model: - scope:eqversion:1.12.0.4

Trust: 0.2

vendor:topfd 2125model: - scope:eqversion:3.15.1

Trust: 0.2

sources: IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1 // CNVD: CNVD-2018-06023 // BID: 103474 // JVNDB: JVNDB-2018-003341 // CNNVD: CNNVD-201803-766 // NVD: CVE-2018-7512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7512
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7512
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-06023
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-766
value: MEDIUM

Trust: 0.6

IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-137544
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7512
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06023
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137544
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7512
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1 // CNVD: CNVD-2018-06023 // VULHUB: VHN-137544 // JVNDB: JVNDB-2018-003341 // CNNVD: CNNVD-201803-766 // NVD: CVE-2018-7512

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-137544 // JVNDB: JVNDB-2018-003341 // NVD: CVE-2018-7512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-766

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201803-766

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003341

PATCH
title:Top Pageurl:https://www.geutebrueck.com/en_EN.html
Trust: 0.8
title:Patch for Geutebruck IPCameras Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/122839
Trust: 0.6
title:Geutebrück G-Cam/EFD-2250  and Topline TopFD-2125 Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79352
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06023 // 
            
            
            
            JVNDB: JVNDB-2018-003341 // 
            
            
            
            CNNVD: CNNVD-201803-766

EXTERNAL IDS
db:NVDid:CVE-2018-7512
Trust: 3.6
db:ICS CERTid:ICSA-18-079-01
Trust: 3.4
db:BIDid:103474
Trust: 2.0
db:CNNVDid:CNNVD-201803-766
Trust: 0.9
db:CNVDid:CNVD-2018-06023
Trust: 0.8
db:JVNDBid:JVNDB-2018-003341
Trust: 0.8
db:IVDid:E2E6FB0F-39AB-11E9-B666-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-137544
Trust: 0.1
sources:
            
            
            IVD: e2e6fb0f-39ab-11e9-b666-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-06023 // 
            
            
            
            VULHUB: VHN-137544 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003341 // 
            
            
            
            CNNVD: CNNVD-201803-766 // 
            
            
            
            NVD: CVE-2018-7512

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-079-01
Trust: 3.4
url:http://www.securityfocus.com/bid/103474
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7512
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7512
Trust: 0.8
url:http://www.geutebrueck.com/en_en/product-overview-31934.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06023 // 
            
            
            
            VULHUB: VHN-137544 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003341 // 
            
            
            
            CNNVD: CNNVD-201803-766 // 
            
            
            
            NVD: CVE-2018-7512

CREDITS
Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.
Trust: 0.3
sources:
            
            
            BID: 103474

SOURCES
db:IVDid:e2e6fb0f-39ab-11e9-b666-000c29342cb1
db:CNVDid:CNVD-2018-06023
db:VULHUBid:VHN-137544
db:BIDid:103474
db:JVNDBid:JVNDB-2018-003341
db:CNNVDid:CNNVD-201803-766
db:NVDid:CVE-2018-7512

LAST UPDATE DATE
2024-11-23T21:53:17.699000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06023date:2018-03-22T00:00:00
db:VULHUBid:VHN-137544date:2019-10-09T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003341date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-766date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7512date:2024-11-21T04:12:16.423

SOURCES RELEASE DATE
db:IVDid:e2e6fb0f-39ab-11e9-b666-000c29342cb1date:2018-03-22T00:00:00
db:CNVDid:CNVD-2018-06023date:2018-03-22T00:00:00
db:VULHUBid:VHN-137544date:2018-03-22T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003341date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-766date:2018-03-22T00:00:00
db:NVDid:CVE-2018-7512date:2018-03-22T18:29:00.837