Sign-up

ID

VAR-202001-1487


CVE

CVE-2019-10956


TITLE

Geutebruck IP Camera G-Code and G-Cam In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014194

DESCRIPTION

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück. Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior

Trust: 2.52

sources: NVD: CVE-2019-10956 // JVNDB: JVNDB-2019-014194 // CNVD: CNVD-2020-22346 // BID: 108579 // VULMON: CVE-2019-10956

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22346

AFFECTED PRODUCTS

vendor:geutebrueckmodel:g-code eec-2400scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam ebc-2110scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam efd-2241scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam ethc-2249scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam ethc-2239scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam ebc-2111scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam efd-2250scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam ethc-2240scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam ewpc-2270scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam efd-2240scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebrueckmodel:g-cam ethc-2230scope:lteversion:1.12.0.25

Trust: 1.0

vendor:geutebruckmodel:g-cam/ebc-2110scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/ebc-2111scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2240scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2241scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/efd-2250scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/ethc-2230scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/ethc-2239scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/ethc-2240scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-cam/ethc-2249scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-code/eec-2400scope:ltversion:1.12.0.25

Trust: 0.8

vendor:geutebruckmodel:g-camscope:lteversion:<=1.12.0.25

Trust: 0.6

vendor:geutebruckmodel:g-codescope:lteversion:<=1.12.0.25

Trust: 0.6

vendor:geutebruckmodel:g-code/eec-2xxxscope:eqversion:1.12.0.25

Trust: 0.3

vendor:geutebruckmodel:g-cam/ewpc-22xxscope:eqversion:1.12.0.25

Trust: 0.3

vendor:geutebruckmodel:g-cam/ethc-22xxscope:eqversion:1.12.0.25

Trust: 0.3

vendor:geutebruckmodel:g-cam/efd-22xxscope:eqversion:1.12.0.25

Trust: 0.3

vendor:geutebruckmodel:g-cam/ebc-21xxscope:eqversion:1.12.0.25

Trust: 0.3

vendor:geutebruckmodel:g-code/eec-2xxxscope:neversion:1.12.13.2

Trust: 0.3

vendor:geutebruckmodel:g-cam/ewpc-22xxscope:neversion:1.12.13.2

Trust: 0.3

vendor:geutebruckmodel:g-cam/ethc-22xxscope:neversion:1.12.13.2

Trust: 0.3

vendor:geutebruckmodel:g-cam/efd-22xxscope:neversion:1.12.13.2

Trust: 0.3

vendor:geutebruckmodel:g-cam/ebc-21xxscope:neversion:1.12.13.2

Trust: 0.3

sources: CNVD: CNVD-2020-22346 // BID: 108579 // JVNDB: JVNDB-2019-014194 // NVD: CVE-2019-10956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10956
value: HIGH

Trust: 1.0

NVD: CVE-2019-10956
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22346
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-088
value: HIGH

Trust: 0.6

VULMON: CVE-2019-10956
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10956
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-22346
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10956
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10956
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22346 // VULMON: CVE-2019-10956 // JVNDB: JVNDB-2019-014194 // CNNVD: CNNVD-201906-088 // NVD: CVE-2019-10956

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-014194 // NVD: CVE-2019-10956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-088

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-088

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014194

PATCH
title:Top Pageurl:https://www.geutebrueck.com/
Trust: 0.8
title:Patch for Geutebrück G-Cam and G-Code OS command injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/213553
Trust: 0.6
title:Multiple Geutebrück Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93177
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22346 // 
            
            
            
            JVNDB: JVNDB-2019-014194 // 
            
            
            
            CNNVD: CNNVD-201906-088

EXTERNAL IDS
db:ICS CERTid:ICSA-19-155-03
Trust: 3.4
db:NVDid:CVE-2019-10956
Trust: 3.4
db:BIDid:108579
Trust: 1.0
db:JVNDBid:JVNDB-2019-014194
Trust: 0.8
db:CNVDid:CNVD-2020-22346
Trust: 0.6
db:CNNVDid:CNNVD-201906-088
Trust: 0.6
db:VULMONid:CVE-2019-10956
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-22346 // 
            
            
            
            VULMON: CVE-2019-10956 // 
            
            
            
            BID: 108579 // 
            
            
            
            JVNDB: JVNDB-2019-014194 // 
            
            
            
            CNNVD: CNNVD-201906-088 // 
            
            
            
            NVD: CVE-2019-10956

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-155-03
Trust: 2.5
url:https://ics-cert.us-cert.gov/advisories/icsa-19-155-03
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-10956
Trust: 1.4
url:https://www.geutebrueck.com/en_en.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10956
Trust: 0.8
url:https://www.securityfocus.com/bid/108579
Trust: 0.7
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-22346 // 
            
            
            
            VULMON: CVE-2019-10956 // 
            
            
            
            BID: 108579 // 
            
            
            
            JVNDB: JVNDB-2019-014194 // 
            
            
            
            CNNVD: CNNVD-201906-088 // 
            
            
            
            NVD: CVE-2019-10956

CREDITS
Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201906-088

SOURCES
db:CNVDid:CNVD-2020-22346
db:VULMONid:CVE-2019-10956
db:BIDid:108579
db:JVNDBid:JVNDB-2019-014194
db:CNNVDid:CNNVD-201906-088
db:NVDid:CVE-2019-10956

LAST UPDATE DATE
2024-11-23T21:51:41.399000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22346date:2020-04-12T00:00:00
db:VULMONid:CVE-2019-10956date:2020-01-24T00:00:00
db:BIDid:108579date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-014194date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-201906-088date:2020-01-19T00:00:00
db:NVDid:CVE-2019-10956date:2024-11-21T04:20:13.833

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22346date:2020-04-12T00:00:00
db:VULMONid:CVE-2019-10956date:2020-01-17T00:00:00
db:BIDid:108579date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-014194date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-201906-088date:2019-06-04T00:00:00
db:NVDid:CVE-2019-10956date:2020-01-17T18:15:12.040