Sign-up

ID

VAR-201803-2210


CVE

CVE-2018-7516


TITLE

Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Server-side request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003342

DESCRIPTION

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. There is a server-side request forgery vulnerability in GeutebruckIPCameras, which can be exploited by attackers. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company. An attacker could exploit this vulnerability to scan proxy networks

Trust: 2.7

sources: NVD: CVE-2018-7516 // JVNDB: JVNDB-2018-003342 // CNVD: CNVD-2018-06022 // BID: 103474 // IVD: e2e7221e-39ab-11e9-a995-000c29342cb1 // VULHUB: VHN-137548

IOT TAXONOMY

category:['IoT', 'ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2e7221e-39ab-11e9-a995-000c29342cb1 // CNVD: CNVD-2018-06022

AFFECTED PRODUCTS

vendor:geutebruckmodel:g-cam/efd-2250scope:eqversion:1.12.0.4

Trust: 1.7

vendor:geutebrueckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 1.6

vendor:geutebrueckmodel:g-cam\/efd-2250scope:eqversion:1.12.0.4

Trust: 1.6

vendor:geutebruckmodel:topline topfd-2125scope:eqversion:3.15.1

Trust: 0.9

vendor:geutebruckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2250scope:neversion:1.12.0.19

Trust: 0.3

vendor:g cam efd 2250model: - scope:eqversion:1.12.0.4

Trust: 0.2

vendor:topfd 2125model: - scope:eqversion:3.15.1

Trust: 0.2

sources: IVD: e2e7221e-39ab-11e9-a995-000c29342cb1 // CNVD: CNVD-2018-06022 // BID: 103474 // JVNDB: JVNDB-2018-003342 // CNNVD: CNNVD-201803-765 // NVD: CVE-2018-7516

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7516
value: HIGH

Trust: 1.0

NVD: CVE-2018-7516
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06022
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-765
value: HIGH

Trust: 0.6

IVD: e2e7221e-39ab-11e9-a995-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-137548
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7516
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06022
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e7221e-39ab-11e9-a995-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137548
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7516
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: e2e7221e-39ab-11e9-a995-000c29342cb1 // CNVD: CNVD-2018-06022 // VULHUB: VHN-137548 // JVNDB: JVNDB-2018-003342 // CNNVD: CNNVD-201803-765 // NVD: CVE-2018-7516

PROBLEMTYPE DATA

problemtype:CWE-918

Trust: 1.9

sources: VULHUB: VHN-137548 // JVNDB: JVNDB-2018-003342 // NVD: CVE-2018-7516

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-765

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e7221e-39ab-11e9-a995-000c29342cb1 // CNNVD: CNNVD-201803-765

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003342

PATCH
title:Top Pageurl:https://www.geutebrueck.com/en_EN.html
Trust: 0.8
title:Patch for Geutebruck IPCameras Cross-Site Request Forgery Vulnerability (CNVD-2018-06022)url:https://www.cnvd.org.cn/patchInfo/show/122841
Trust: 0.6
title:Geutebrück G-Cam/EFD-2250  and Topline TopFD-2125 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79351
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06022 // 
            
            
            
            JVNDB: JVNDB-2018-003342 // 
            
            
            
            CNNVD: CNNVD-201803-765

EXTERNAL IDS
db:NVDid:CVE-2018-7516
Trust: 3.6
db:ICS CERTid:ICSA-18-079-01
Trust: 3.4
db:BIDid:103474
Trust: 2.0
db:CNNVDid:CNNVD-201803-765
Trust: 0.9
db:CNVDid:CNVD-2018-06022
Trust: 0.8
db:JVNDBid:JVNDB-2018-003342
Trust: 0.8
db:IVDid:E2E7221E-39AB-11E9-A995-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-137548
Trust: 0.1
sources:
            
            
            IVD: e2e7221e-39ab-11e9-a995-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-06022 // 
            
            
            
            VULHUB: VHN-137548 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003342 // 
            
            
            
            CNNVD: CNNVD-201803-765 // 
            
            
            
            NVD: CVE-2018-7516

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-079-01
Trust: 3.4
url:http://www.securityfocus.com/bid/103474
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7516
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7516
Trust: 0.8
url:http://www.geutebrueck.com/en_en/product-overview-31934.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06022 // 
            
            
            
            VULHUB: VHN-137548 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003342 // 
            
            
            
            CNNVD: CNNVD-201803-765 // 
            
            
            
            NVD: CVE-2018-7516

CREDITS
Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.
Trust: 0.3
sources:
            
            
            BID: 103474

SOURCES
db:IVDid:e2e7221e-39ab-11e9-a995-000c29342cb1
db:CNVDid:CNVD-2018-06022
db:VULHUBid:VHN-137548
db:BIDid:103474
db:JVNDBid:JVNDB-2018-003342
db:CNNVDid:CNNVD-201803-765
db:NVDid:CVE-2018-7516

LAST UPDATE DATE
2024-11-23T21:53:17.738000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06022date:2018-03-22T00:00:00
db:VULHUBid:VHN-137548date:2019-10-09T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003342date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-765date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7516date:2024-11-21T04:12:16.843

SOURCES RELEASE DATE
db:IVDid:e2e7221e-39ab-11e9-a995-000c29342cb1date:2018-03-22T00:00:00
db:CNVDid:CNVD-2018-06022date:2018-03-22T00:00:00
db:VULHUBid:VHN-137548date:2018-03-22T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003342date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-765date:2018-03-22T00:00:00
db:NVDid:CVE-2018-7516date:2018-03-22T18:29:00.900