Sign-up

ID

VAR-201812-0470


CVE

CVE-2018-19007


TITLE

Geutebrueck GmbH E2 Camera In the series OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014624

DESCRIPTION

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebr\303\274ck E2CameraSeries is an E2 series webcam from Geutebr\303\274ck, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebrück GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability

Trust: 2.52

sources: NVD: CVE-2018-19007 // JVNDB: JVNDB-2018-014624 // CNVD: CNVD-2019-04134 // BID: 106208 // VULMON: CVE-2018-19007

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-04134

AFFECTED PRODUCTS

vendor:geutebrueckmodel:g-cam\/efd-2251scope:ltversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam\/ewpc-2275scope:ltversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam/efd-2251scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebrueckmodel:g-cam/ewpc-2275scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:e2 camera seriesscope:ltversion:1.12.0.25

Trust: 0.6

vendor:geutebrückmodel:e2 series camerascope:eqversion:1.12

Trust: 0.3

vendor:geutebrückmodel:e2 series camerascope:neversion:1.12.0.25

Trust: 0.3

sources: CNVD: CNVD-2019-04134 // BID: 106208 // JVNDB: JVNDB-2018-014624 // NVD: CVE-2018-19007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19007
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-19007
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-04134
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201812-657
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-19007
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-19007
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-04134
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-19007
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-04134 // VULMON: CVE-2018-19007 // JVNDB: JVNDB-2018-014624 // CNNVD: CNNVD-201812-657 // NVD: CVE-2018-19007

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-014624 // NVD: CVE-2018-19007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-657

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201812-657

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014624

PATCH
title:Top Pageurl:https://www.guardzilla.com/
Trust: 0.8
title:Geutebr\303\274ckE2CameraSeries operating system command injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/153491
Trust: 0.6
title:Geutebrück E2 Camera Series Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87899
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-04134 // 
            
            
            
            JVNDB: JVNDB-2018-014624 // 
            
            
            
            CNNVD: CNNVD-201812-657

EXTERNAL IDS
db:NVDid:CVE-2018-19007
Trust: 3.5
db:ICS CERTid:ICSA-18-347-03
Trust: 2.8
db:BIDid:106208
Trust: 2.6
db:JVNDBid:JVNDB-2018-014624
Trust: 0.8
db:CNVDid:CNVD-2019-04134
Trust: 0.6
db:CNNVDid:CNNVD-201812-657
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULMONid:CVE-2018-19007
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-04134 // 
            
            
            
            VULMON: CVE-2018-19007 // 
            
            
            
            BID: 106208 // 
            
            
            
            JVNDB: JVNDB-2018-014624 // 
            
            
            
            CNNVD: CNNVD-201812-657 // 
            
            
            
            NVD: CVE-2018-19007

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-347-03
Trust: 2.9
url:http://www.securityfocus.com/bid/106208
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2018-19007
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19007
Trust: 0.8
url:https://www.geutebrueck.com/
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-04134 // 
            
            
            
            VULMON: CVE-2018-19007 // 
            
            
            
            BID: 106208 // 
            
            
            
            JVNDB: JVNDB-2018-014624 // 
            
            
            
            CNNVD: CNNVD-201812-657 // 
            
            
            
            NVD: CVE-2018-19007

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 106208

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2019-04134
db:VULMONid:CVE-2018-19007
db:BIDid:106208
db:JVNDBid:JVNDB-2018-014624
db:CNNVDid:CNNVD-201812-657
db:NVDid:CVE-2018-19007

LAST UPDATE DATE
2025-01-30T19:51:02.593000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-04134date:2019-02-14T00:00:00
db:VULMONid:CVE-2018-19007date:2019-10-09T00:00:00
db:BIDid:106208date:2018-12-14T00:00:00
db:JVNDBid:JVNDB-2018-014624date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201812-657date:2019-10-17T00:00:00
db:NVDid:CVE-2018-19007date:2024-11-21T03:57:09.213

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-04134date:2019-02-14T00:00:00
db:VULMONid:CVE-2018-19007date:2018-12-14T00:00:00
db:BIDid:106208date:2018-12-14T00:00:00
db:JVNDBid:JVNDB-2018-014624date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201812-657date:2018-12-14T00:00:00
db:NVDid:CVE-2018-19007date:2018-12-14T20:29:00.297