Sign-up

ID

VAR-201803-2218


CVE

CVE-2018-7528


TITLE

Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003345

DESCRIPTION

An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company

Trust: 2.7

sources: NVD: CVE-2018-7528 // JVNDB: JVNDB-2018-003345 // CNVD: CNVD-2018-06024 // BID: 103474 // IVD: e2e94500-39ab-11e9-a236-000c29342cb1 // VULHUB: VHN-137560

IOT TAXONOMY

category:['IoT', 'ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2e94500-39ab-11e9-a236-000c29342cb1 // CNVD: CNVD-2018-06024

AFFECTED PRODUCTS

vendor:geutebruckmodel:g-cam/efd-2250scope:eqversion:1.12.0.4

Trust: 1.7

vendor:geutebrueckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 1.6

vendor:geutebrueckmodel:g-cam\/efd-2250scope:eqversion:1.12.0.4

Trust: 1.6

vendor:geutebruckmodel:topline topfd-2125scope:eqversion:3.15.1

Trust: 0.9

vendor:geutebruckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2250scope:neversion:1.12.0.19

Trust: 0.3

vendor:g cam efd 2250model: - scope:eqversion:1.12.0.4

Trust: 0.2

vendor:topfd 2125model: - scope:eqversion:3.15.1

Trust: 0.2

sources: IVD: e2e94500-39ab-11e9-a236-000c29342cb1 // CNVD: CNVD-2018-06024 // BID: 103474 // JVNDB: JVNDB-2018-003345 // CNNVD: CNNVD-201803-762 // NVD: CVE-2018-7528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7528
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7528
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06024
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-762
value: CRITICAL

Trust: 0.6

IVD: e2e94500-39ab-11e9-a236-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-137560
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7528
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06024
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e94500-39ab-11e9-a236-000c29342cb1
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137560
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7528
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: e2e94500-39ab-11e9-a236-000c29342cb1 // CNVD: CNVD-2018-06024 // VULHUB: VHN-137560 // JVNDB: JVNDB-2018-003345 // CNNVD: CNNVD-201803-762 // NVD: CVE-2018-7528

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-137560 // JVNDB: JVNDB-2018-003345 // NVD: CVE-2018-7528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-762

TYPE

SQL injection

Trust: 0.8

sources: IVD: e2e94500-39ab-11e9-a236-000c29342cb1 // CNNVD: CNNVD-201803-762

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003345

PATCH
title:Top Pageurl:https://www.geutebrueck.com/en_EN.html
Trust: 0.8
title:GeutebruckIPCamerasSQL injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/122849
Trust: 0.6
title:Geutebrück G-Cam/EFD-2250  and Topline TopFD-2125 SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79348
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06024 // 
            
            
            
            JVNDB: JVNDB-2018-003345 // 
            
            
            
            CNNVD: CNNVD-201803-762

EXTERNAL IDS
db:NVDid:CVE-2018-7528
Trust: 3.6
db:ICS CERTid:ICSA-18-079-01
Trust: 3.4
db:BIDid:103474
Trust: 2.0
db:CNVDid:CNVD-2018-06024
Trust: 0.8
db:CNNVDid:CNNVD-201803-762
Trust: 0.8
db:JVNDBid:JVNDB-2018-003345
Trust: 0.8
db:IVDid:E2E94500-39AB-11E9-A236-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-137560
Trust: 0.1
sources:
            
            
            IVD: e2e94500-39ab-11e9-a236-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-06024 // 
            
            
            
            VULHUB: VHN-137560 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003345 // 
            
            
            
            CNNVD: CNNVD-201803-762 // 
            
            
            
            NVD: CVE-2018-7528

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-079-01
Trust: 3.4
url:http://www.securityfocus.com/bid/103474
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7528
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7528
Trust: 0.8
url:http://www.geutebrueck.com/en_en/product-overview-31934.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06024 // 
            
            
            
            VULHUB: VHN-137560 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003345 // 
            
            
            
            CNNVD: CNNVD-201803-762 // 
            
            
            
            NVD: CVE-2018-7528

CREDITS
Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.
Trust: 0.3
sources:
            
            
            BID: 103474

SOURCES
db:IVDid:e2e94500-39ab-11e9-a236-000c29342cb1
db:CNVDid:CNVD-2018-06024
db:VULHUBid:VHN-137560
db:BIDid:103474
db:JVNDBid:JVNDB-2018-003345
db:CNNVDid:CNNVD-201803-762
db:NVDid:CVE-2018-7528

LAST UPDATE DATE
2024-11-23T21:53:17.817000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06024date:2018-03-22T00:00:00
db:VULHUBid:VHN-137560date:2019-10-09T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003345date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-762date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7528date:2024-11-21T04:12:18.187

SOURCES RELEASE DATE
db:IVDid:e2e94500-39ab-11e9-a236-000c29342cb1date:2018-03-22T00:00:00
db:CNVDid:CNVD-2018-06024date:2018-03-22T00:00:00
db:VULHUBid:VHN-137560date:2018-03-22T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003345date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-762date:2018-03-22T00:00:00
db:NVDid:CVE-2018-7528date:2018-03-22T18:29:01.087