Sign-up

ID

VAR-201803-2216


CVE

CVE-2018-7524


TITLE

Geutebruck IP Cameras Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1 // CNVD: CNVD-2018-06021

DESCRIPTION

A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company

Trust: 2.7

sources: NVD: CVE-2018-7524 // JVNDB: JVNDB-2018-003344 // CNVD: CNVD-2018-06021 // BID: 103474 // IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1 // VULHUB: VHN-137556

IOT TAXONOMY

category:['IoT', 'ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1 // CNVD: CNVD-2018-06021

AFFECTED PRODUCTS

vendor:geutebruckmodel:g-cam/efd-2250scope:eqversion:1.12.0.4

Trust: 1.7

vendor:geutebrueckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 1.6

vendor:geutebrueckmodel:g-cam\/efd-2250scope:eqversion:1.12.0.4

Trust: 1.6

vendor:geutebruckmodel:topline topfd-2125scope:eqversion:3.15.1

Trust: 0.9

vendor:geutebruckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2250scope:neversion:1.12.0.19

Trust: 0.3

vendor:g cam efd 2250model: - scope:eqversion:1.12.0.4

Trust: 0.2

vendor:topfd 2125model: - scope:eqversion:3.15.1

Trust: 0.2

sources: IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1 // CNVD: CNVD-2018-06021 // BID: 103474 // JVNDB: JVNDB-2018-003344 // CNNVD: CNNVD-201803-763 // NVD: CVE-2018-7524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7524
value: HIGH

Trust: 1.0

NVD: CVE-2018-7524
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06021
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-763
value: HIGH

Trust: 0.6

IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-137556
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7524
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06021
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137556
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7524
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1 // CNVD: CNVD-2018-06021 // VULHUB: VHN-137556 // JVNDB: JVNDB-2018-003344 // CNNVD: CNNVD-201803-763 // NVD: CVE-2018-7524

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-137556 // JVNDB: JVNDB-2018-003344 // NVD: CVE-2018-7524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-763

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201803-763

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003344

PATCH
title:Top Pageurl:https://www.geutebrueck.com/en_EN.html
Trust: 0.8
title:GeutebruckIPCameras cross-site request forgery vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/122843
Trust: 0.6
title:Geutebrück G-Cam/EFD-2250  and Topline TopFD-2125 Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79349
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06021 // 
            
            
            
            JVNDB: JVNDB-2018-003344 // 
            
            
            
            CNNVD: CNNVD-201803-763

EXTERNAL IDS
db:NVDid:CVE-2018-7524
Trust: 3.6
db:ICS CERTid:ICSA-18-079-01
Trust: 3.4
db:BIDid:103474
Trust: 2.0
db:CNVDid:CNVD-2018-06021
Trust: 0.8
db:CNNVDid:CNNVD-201803-763
Trust: 0.8
db:JVNDBid:JVNDB-2018-003344
Trust: 0.8
db:IVDid:E2E8F6E1-39AB-11E9-AC0F-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-137556
Trust: 0.1
sources:
            
            
            IVD: e2e8f6e1-39ab-11e9-ac0f-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-06021 // 
            
            
            
            VULHUB: VHN-137556 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003344 // 
            
            
            
            CNNVD: CNNVD-201803-763 // 
            
            
            
            NVD: CVE-2018-7524

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-079-01
Trust: 3.4
url:http://www.securityfocus.com/bid/103474
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7524
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7524
Trust: 0.8
url:http://www.geutebrueck.com/en_en/product-overview-31934.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06021 // 
            
            
            
            VULHUB: VHN-137556 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003344 // 
            
            
            
            CNNVD: CNNVD-201803-763 // 
            
            
            
            NVD: CVE-2018-7524

CREDITS
Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.
Trust: 0.3
sources:
            
            
            BID: 103474

SOURCES
db:IVDid:e2e8f6e1-39ab-11e9-ac0f-000c29342cb1
db:CNVDid:CNVD-2018-06021
db:VULHUBid:VHN-137556
db:BIDid:103474
db:JVNDBid:JVNDB-2018-003344
db:CNNVDid:CNNVD-201803-763
db:NVDid:CVE-2018-7524

LAST UPDATE DATE
2024-11-23T21:53:17.656000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06021date:2018-03-22T00:00:00
db:VULHUBid:VHN-137556date:2019-10-09T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003344date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-763date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7524date:2024-11-21T04:12:17.723

SOURCES RELEASE DATE
db:IVDid:e2e8f6e1-39ab-11e9-ac0f-000c29342cb1date:2018-03-22T00:00:00
db:CNVDid:CNVD-2018-06021date:2018-03-22T00:00:00
db:VULHUBid:VHN-137556date:2018-03-22T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003344date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-763date:2018-03-22T00:00:00
db:NVDid:CVE-2018-7524date:2018-03-22T18:29:01.027