CVE-2021-33554

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

CVSS v3 7.2 HIGH
CVSS v2.0 6.5 MEDIUM

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03	Third Party Advisory US Government Resource
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/	Exploit Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03	Third Party Advisory US Government Resource
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ebc-2110:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ebc-2111:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_efd-2241:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_efd-2250:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ethc-2230:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ethc-2239:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ethc-2240:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ethc-2249:*:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware::::::::
	cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-code_eec-2400:*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-code_een-2010_firmware::::::::
	cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-code_een-2010:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-code_een-2040_firmware::::::::
	cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-code_een-2040:*:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ebc-2112:*:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_efd-2251_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_efd-2251_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_efd-2251_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_efd-2251:*:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ewpc-2275_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ewpc-2275_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ewpc-2275_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ewpc-2275:*:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

OR	cpe:2.3:o:geutebrueck:g-cam_ewpc-2271_firmware::::::::
	cpe:2.3:o:geutebrueck:g-cam_ewpc-2271_firmware:1.12.13.2:::::::*
	cpe:2.3:o:geutebrueck:g-cam_ewpc-2271_firmware:1.12.14.5:::::::*

cpe:2.3:h:geutebrueck:g-cam_ewpc-2271:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:09

Type	Values Removed	Values Added
References	~~() https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 - Third Party Advisory, US Government Resource~~	() https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 - Third Party Advisory, US Government Resource
References	~~() https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ - Exploit, Third Party Advisory~~	() https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ - Exploit, Third Party Advisory

07 Nov 2023, 03:35

Type	Values Removed	Values Added
Summary	~~Multiple camera devices by UDP Technology, GeutebrÃ¼ck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.~~	Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

Information

Published : 2021-09-13 18:15

Updated : 2024-11-21 06:09

NVD link : CVE-2021-33554

Mitre link : CVE-2021-33554

CVE.ORG link : CVE-2021-33554

JSON object : View

Products Affected

geutebrueck

g-cam_ethc-2240
g-cam_ewpc-2275
g-cam_ethc-2249_firmware
g-code_een-2010_firmware
g-cam_efd-2241_firmware
g-code_een-2010
g-cam_efd-2241
g-cam_ethc-2230
g-cam_ebc-2112
g-cam_ebc-2110
g-cam_ethc-2249
g-code_eec-2400_firmware
g-cam_ebc-2111
g-cam_ebc-2111_firmware
g-code_een-2040
g-cam_efd-2250
g-code_eec-2400
g-cam_efd-2251_firmware
g-cam_ebc-2110_firmware
g-cam_ewpc-2270_firmware
g-cam_ethc-2230_firmware
g-cam_efd-2250_firmware
g-cam_ebc-2112_firmware
g-cam_ethc-2239_firmware
g-cam_ewpc-2271
g-code_een-2040_firmware
g-cam_efd-2251
g-cam_ewpc-2275_firmware
g-cam_ewpc-2270
g-cam_ewpc-2271_firmware
g-cam_ethc-2240_firmware
g-cam_ethc-2239

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

7.2 /10