Details of VAR-202109-0858

ID

VAR-202109-0858

CVE

CVE-2021-33549

TITLE

GEUTEBRUCK Made G-Cam E2 and G-Code Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002023

DESCRIPTION

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK Provided by the company G-Cam E2 and G-Code The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2021-33543 ‥ * Command injection (CWE-77) - CVE-2021-33544 , CVE-2021-33548 , CVE-2021-33550 , CVE-2021-33551 , CVE-2021-33552 , CVE-2021-33553 , CVE-2021-33554 ‥ * Stack-based buffer overflow (CWE-121) - CVE-2021-33545 , CVE-2021-33546 , CVE-2021-33547 , CVE-2021-33549The expected impact depends on each vulnerability, but it may be affected as follows. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-33549 // JVNDB: JVNDB-2021-002023 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-33549

IOT TAXONOMY

category:

['camera device']

sub_category:

camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	geutebrueck	model:	g-code een-2010	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2110	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2112	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2250	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2275	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-code een-2040	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2271	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2111	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2239	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2230	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2249	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-code een-2010	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2241	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2110	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-code een-2040	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2271	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2111	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2239	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2250	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2249	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2230	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2270	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-code eec-2400	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-code een-2010	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2241	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2240	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2251	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2230	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2241	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-code eec-2400	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2270	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2249	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-code eec-2400	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2240	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2251	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2275	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2112	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2270	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2275	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2110	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2250	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam efd-2251	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2240	scope:	lte	version:	1.12.0.27	Trust: 1.0
vendor:	geutebrueck	model:	g-code een-2040	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2112	scope:	eq	version:	1.12.13.2	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ewpc-2271	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ebc-2111	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebrueck	model:	g-cam ethc-2239	scope:	eq	version:	1.12.14.5	Trust: 1.0
vendor:	geutebruck	model:	-	scope:	eq	version:	‥ * firmware 1.12.13.2 1.12.14.5	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	* een-20xx	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	* efd-22xx	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	* ethc-22xx	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	‥ * g-cam	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	* eec-2xx	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	works with the above firmware s e2 series camera models encoders	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	-	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	* ebc-21xx	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	‥ * g-code	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	( multiple products )	Trust: 0.8
vendor:	geutebruck	model:	-	scope:	eq	version:	* ewpc-22xx	Trust: 0.8

sources: JVNDB: JVNDB-2021-002023 // NVD: CVE-2021-33549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33549
value:	HIGH
Trust: 1.0
info@cert.vde.com:	CVE-2021-33549
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2021-002023
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-2088
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-33549
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33549
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-33549
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-002023
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-33549 // JVNDB: JVNDB-2021-002023 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2088 // NVD: CVE-2021-33549 // NVD: CVE-2021-33549

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Command injection (CWE-77) [ Other ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ Other ]	Trust: 0.8
problemtype:	Lack of authentication for important features (CWE-306) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-002023 // NVD: CVE-2021-33549

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-2088

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	GEUTEBRUCK ’ s web portal (Login required)	url:	https://portal.geutebrueck.com/	Trust: 0.8
title:	Multiple Geutebrück Repair measures for the error and vulnerability of the camera device buffer	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158068	Trust: 0.6

sources: JVNDB: JVNDB-2021-002023 // CNNVD: CNNVD-202107-2088

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33549	Trust: 2.6
db:	ICS CERT	id:	ICSA-21-208-03	Trust: 1.7
db:	PACKETSTORM	id:	164191	Trust: 1.7
db:	JVN	id:	JVNVU97817785	Trust: 0.8
db:	ICS CERT	id:	ICSA-21-208-05	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-002023	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021072807	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2550	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-2088	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-33549	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-33549 // JVNDB: JVNDB-2021-002023 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2088 // NVD: CVE-2021-33549

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03	Trust: 2.3
url:	http://packetstormsecurity.com/files/164191/geutebruck-instantrec-remote-command-execution.html	Trust: 2.3
url:	https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu97817785/	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-208-05	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2550	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072807	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33549	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/121.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-33549 // JVNDB: JVNDB-2021-002023 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2088 // NVD: CVE-2021-33549

CREDITS

Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-2088

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-33549
db:	JVNDB	id:	JVNDB-2021-002023
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-2088
db:	NVD	id:	CVE-2021-33549

LAST UPDATE DATE

2025-01-30T20:43:04.157000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-33549	date:	2021-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002023	date:	2021-07-29T08:30:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-2088	date:	2021-09-28T00:00:00
db:	NVD	id:	CVE-2021-33549	date:	2021-09-27T14:30:08.640

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-33549	date:	2021-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-002023	date:	2021-07-29T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-2088	date:	2021-07-27T00:00:00
db:	NVD	id:	CVE-2021-33549	date:	2021-09-13T18:15:22.773