Sign-up

ID

VAR-201803-2221


CVE

CVE-2018-7532


TITLE

Geutebruck IP Cameras Remote code execution vulnerability

Trust: 0.8

sources: IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1 // CNVD: CNVD-2018-06019

DESCRIPTION

Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Geutebruck G-Cam/EFD-2250 and Topline TopFD-2125 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The G-Cam/EFD-2250 and ToplineTopFD-2125 are both high-definition cameras from Geutebruck. GeutebruckIPCameras has a remote code execution vulnerability that an attacker can exploit to execute arbitrary code. Multiple Geutebruck devices are prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. An access-bypass vulnerability 5. A security-bypass vulnerability 6. A cross-site scripting vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. The following devices are vulnerable: Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Geutebruck Topline TopFD-2125 version 3.15.1. Geutebrück G-Cam/EFD-2250 and Topline TopFD-2125 are IP camera products of German Geutebrück company

Trust: 2.7

sources: NVD: CVE-2018-7532 // JVNDB: JVNDB-2018-003346 // CNVD: CNVD-2018-06019 // BID: 103474 // IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1 // VULHUB: VHN-137564

IOT TAXONOMY

category:['IoT', 'ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1 // CNVD: CNVD-2018-06019

AFFECTED PRODUCTS

vendor:geutebruckmodel:g-cam/efd-2250scope:eqversion:1.12.0.4

Trust: 1.7

vendor:geutebrueckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 1.6

vendor:geutebrueckmodel:g-cam\/efd-2250scope:eqversion:1.12.0.4

Trust: 1.6

vendor:geutebruckmodel:topline topfd-2125scope:eqversion:3.15.1

Trust: 0.9

vendor:geutebruckmodel:topfd-2125scope:eqversion:3.15.1

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2250scope:neversion:1.12.0.19

Trust: 0.3

vendor:g cam efd 2250model: - scope:eqversion:1.12.0.4

Trust: 0.2

vendor:topfd 2125model: - scope:eqversion:3.15.1

Trust: 0.2

sources: IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1 // CNVD: CNVD-2018-06019 // BID: 103474 // JVNDB: JVNDB-2018-003346 // CNNVD: CNNVD-201803-761 // NVD: CVE-2018-7532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7532
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7532
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06019
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-761
value: CRITICAL

Trust: 0.6

IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-137564
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7532
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06019
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137564
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7532
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1 // CNVD: CNVD-2018-06019 // VULHUB: VHN-137564 // JVNDB: JVNDB-2018-003346 // CNNVD: CNNVD-201803-761 // NVD: CVE-2018-7532

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-137564 // JVNDB: JVNDB-2018-003346 // NVD: CVE-2018-7532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-761

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201803-761

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003346

PATCH
title:Top Pageurl:https://www.geutebrueck.com/en_EN.html
Trust: 0.8
title:Patch for Geutebruck IPCameras Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/122847
Trust: 0.6
title:Geutebrück G-Cam/EFD-2250  and Topline TopFD-2125 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79347
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06019 // 
            
            
            
            JVNDB: JVNDB-2018-003346 // 
            
            
            
            CNNVD: CNNVD-201803-761

EXTERNAL IDS
db:NVDid:CVE-2018-7532
Trust: 3.6
db:ICS CERTid:ICSA-18-079-01
Trust: 3.4
db:BIDid:103474
Trust: 2.0
db:CNNVDid:CNNVD-201803-761
Trust: 0.9
db:CNVDid:CNVD-2018-06019
Trust: 0.8
db:JVNDBid:JVNDB-2018-003346
Trust: 0.8
db:IVDid:E2E6FB10-39AB-11E9-8292-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-137564
Trust: 0.1
sources:
            
            
            IVD: e2e6fb10-39ab-11e9-8292-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-06019 // 
            
            
            
            VULHUB: VHN-137564 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003346 // 
            
            
            
            CNNVD: CNNVD-201803-761 // 
            
            
            
            NVD: CVE-2018-7532

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-079-01
Trust: 3.4
url:http://www.securityfocus.com/bid/103474
Trust: 1.7
url:https://randorisec.fr/0day-anonymous-rce-on-geutebruck-ip-cameras-again/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7532
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7532
Trust: 0.8
url:http://www.geutebrueck.com/en_en/product-overview-31934.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06019 // 
            
            
            
            VULHUB: VHN-137564 // 
            
            
            
            BID: 103474 // 
            
            
            
            JVNDB: JVNDB-2018-003346 // 
            
            
            
            CNNVD: CNNVD-201803-761 // 
            
            
            
            NVD: CVE-2018-7532

CREDITS
Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock.
Trust: 0.3
sources:
            
            
            BID: 103474

SOURCES
db:IVDid:e2e6fb10-39ab-11e9-8292-000c29342cb1
db:CNVDid:CNVD-2018-06019
db:VULHUBid:VHN-137564
db:BIDid:103474
db:JVNDBid:JVNDB-2018-003346
db:CNNVDid:CNNVD-201803-761
db:NVDid:CVE-2018-7532

LAST UPDATE DATE
2024-11-23T21:53:17.778000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06019date:2018-03-22T00:00:00
db:VULHUBid:VHN-137564date:2019-10-09T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003346date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-761date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7532date:2024-11-21T04:12:18.600

SOURCES RELEASE DATE
db:IVDid:e2e6fb10-39ab-11e9-8292-000c29342cb1date:2018-03-22T00:00:00
db:CNVDid:CNVD-2018-06019date:2018-03-22T00:00:00
db:VULHUBid:VHN-137564date:2018-03-22T00:00:00
db:BIDid:103474date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003346date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-761date:2018-03-22T00:00:00
db:NVDid:CVE-2018-7532date:2018-03-22T18:29:01.137