Geutebrück IP Camera Issue Fix

Wednesday, February 15, 2017 @ 11:02 AM gHale


Geutebrück patched an authentication bypass vulnerability and an improper neutralization of special elements vulnerability in its G-Cam IP camera, according to a report with ICS-CERT.

The G-Cam/EFD-2250 Version 1.11.0.12 suffers from the remotely exploitable vulnerabilities. Florent Montel and Frédéric Cikala discovered the authentication bypass vulnerability and Davy Douhine of RandoriSec found the improper access control vulnerability.

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and obtain remote anonymous access to the device; these vulnerabilities may also allow remote code execution.

Windhagen, Germany-based Geutebrück also has offices in Europe, the United States and Australia.

The product sees action mainly in the commercial facilities, energy, and healthcare and public health sectors.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could exploit the vulnerabilities.

In the first issue, an authentication bypass vulnerability, the existing file system architecture could allow attackers to bypass access control, which may allow remote code execution.

CVE-2017-5174 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

In another issue, there is an improper neutralization of special elements vulnerability. In this case, if special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root-level operating system, which could allow remote code execution.

CVE-2017-5173 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

Geutebrück recommends customers download and update with the newest patch from this location by registering for a new web club account or logging into an existing account.


