Geutebruck IP Camera G-Cam EFD-2250 1.11.0.12 data query logic injection
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
8.1 | $0-$5k | 0.00 |
A vulnerability was found in Geutebruck IP Camera G-Cam EFD-2250 1.11.0.12 (Network Camera Software). It has been rated as critical. Affected by this issue is some unknown processing. The manipulation with an unknown input leads to a data query logic injection vulnerability. Using CWE to declare the problem leads to CWE-943. The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. Impacted is confidentiality, integrity, and availability. CVE summarizes:
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.
The bug was discovered 02/14/2017. The weakness was disclosed 05/19/2017 as EDB-ID 41360 as confirmed exploit (Exploit-DB). The advisory is shared for download at exploit-db.com. This vulnerability is handled as CVE-2017-5173 since 01/03/2017. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but a public exploit is available.
A public exploit has been developed by RandoriSec and been published even before and not after the advisory. The exploit is available at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 93 days. During that time the estimated underground price was around $0-$5k.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the vulnerability database at Exploit-DB (41360). The entry 101493 is pretty similar.
Product
Type
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.5VulDB Meta Temp Score: 8.3
VulDB Base Score: 7.3
VulDB Temp Score: 6.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Data query logic injectionCWE: CWE-943 / CWE-20
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: RandoriSec
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
01/03/2017 🔍02/14/2017 🔍
02/14/2017 🔍
02/15/2017 🔍
02/15/2017 🔍
05/18/2017 🔍
05/19/2017 🔍
05/19/2017 🔍
12/25/2020 🔍
Sources
Advisory: EDB-ID 41360Researcher: Florent Montel, Frederic Cikala, Davy Douhine
Status: Confirmed
CVE: CVE-2017-5173 (🔍)
SecurityFocus: 96209 - Geutebruck G-Cam/EFD-2250 Authentication Bypass and Remote Code Execution Vulnerabilities
OSVDB: - CVE-2017-5173 - Geutebruck - Ip Camera G-Cam Efd-2250 Firmware - High
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 05/19/2017 14:05Updated: 12/25/2020 08:09
Changes: 05/19/2017 14:05 (68), 09/30/2020 12:12 (4), 12/25/2020 08:09 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.