Vulnerabilites related to Geutebrück - Encoder G-Code
cve-2021-33551
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-16 18:13
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in environment.lang parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33551",
"datePublished": "2021-09-13T17:55:44.932289Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T18:13:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33552
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-17 01:50
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33552",
"datePublished": "2021-09-13T17:55:46.549577Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:50:35.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33549
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-17 00:00
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T21:06:48",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:01.000Z",
"ID": "CVE-2021-33549",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in action parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
},
{
"name": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164191/Geutebruck-instantrec-Remote-Command-Execution.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33549",
"datePublished": "2021-09-13T17:55:41.804280Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T00:00:56.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33550
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-17 01:11
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in date parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33550",
"datePublished": "2021-09-13T17:55:43.372471Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:11:15.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33553
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in command parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33553",
"datePublished": "2021-09-13T17:55:48.174522Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T20:17:28.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33548
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in preserve parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33548",
"datePublished": "2021-09-13T17:55:40.187378Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T19:41:35.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33554
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-17 03:08
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Command injection in appfile.filename parameter leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33554",
"datePublished": "2021-09-13T17:55:49.767891Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T03:08:06.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33543
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2 "
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:30:17",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2021-33543",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2 "
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33543",
"datePublished": "2021-09-13T17:55:32",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33545
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-17 01:55
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:35",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33545",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in counter parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33545",
"datePublished": "2021-09-13T17:55:35.310478Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:55:45.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33546
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-17 04:24
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:36",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33546",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in name parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33546",
"datePublished": "2021-09-13T17:55:36.920572Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T04:24:10.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33544
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T00:00:00",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: command injection leading to RCE",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33544",
"datePublished": "2021-09-13T17:55:33.770594Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T17:03:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33547
Vulnerability from cvelistv5
Published
2021-09-13 17:55
Modified
2024-09-17 02:47
Severity ?
EPSS score ?
Summary
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Geutebrück | E2 Series |
Version: EBC-21xx 1.12.13.2 Version: EBC-21xx 1.12.14.5 Version: EFD-22xx 1.12.13.2 Version: EFD-22xx 1.12.14.5 Version: ETHC-22xx 1.12.13.2 Version: ETHC-22xx 1.12.14.5 Version: EWPC-22xx 1.12.13.2 Version: EWPC-22xx 1.12.14.5 Version: EBC-21xx < Version: EFD-22xx < Version: ETHC-22xx < Version: EWPC-22xx < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "E2 Series",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EBC-21xx 1.12.13.2"
},
{
"status": "affected",
"version": "EBC-21xx 1.12.14.5"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EFD-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "ETHC-22xx 1.12.14.5"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.13.2"
},
{
"status": "affected",
"version": "EWPC-22xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EBC-21xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EFD-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "ETHC-22xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EWPC-22xx",
"versionType": "custom"
}
]
},
{
"product": "Encoder G-Code",
"vendor": "Geutebr\u00fcck",
"versions": [
{
"status": "affected",
"version": "EEC-2xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEC-2xx 1.12.14.5"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.13.2"
},
{
"status": "affected",
"version": "EEN-20xx 1.12.14.5"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEC-2xx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.12.0.27",
"status": "affected",
"version": "EEN-20xx",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:55:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-33547",
"STATE": "PUBLIC",
"TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Buffer overflow in profile parameter leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E2 Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EBC-21xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EBC-21xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EFD-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EFD-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "ETHC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "ETHC-22xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EWPC-22xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EWPC-22xx",
"version_value": "1.12.14.5"
}
]
}
},
{
"product_name": "Encoder G-Code",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "EEC-2xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEC-2xx",
"version_value": "1.12.14.5"
},
{
"version_affected": "\u003c=",
"version_name": "EEN-20xx",
"version_value": "1.12.0.27"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.13.2"
},
{
"version_affected": "=",
"version_name": "EEN-20xx",
"version_value": "1.12.14.5"
}
]
}
}
]
},
"vendor_name": "Geutebr\u00fcck"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33547",
"datePublished": "2021-09-13T17:55:38.601837Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T02:47:47.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}