A vulnerability was found in Geutebruck G-Cam EFD-2250 and Topline TopFD-2125 and classified as problematic. Affected by this issue is an unknown function of the component Access Control. The manipulation with an unknown input leads to a access control vulnerability (Config). Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is confidentiality. CVE summarizes:

An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords.

The bug was discovered 03/20/2018. The weakness was released 03/22/2018 by Matt as ICSA-18-079-01 (Website). The advisory is available at ics-cert.us-cert.gov. This vulnerability is handled as CVE-2018-7520 since 02/26/2018. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but a public exploit is available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

The exploit is available at exploit-db.com. It is declared as proof-of-concept.

Upgrading to version 1.12.0.19 eliminates this vulnerability. The upgrade is hosted for download at geutebrueck.com. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Exploit-DB (44957). Entries connected to this vulnerability are available at 114924, 114925, 114927 and 114928.

Productinfo

Vendor

• Geutebruck

Name

• G-Cam EFD-2250
• Topline TopFD-2125

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion