Attacker Value
Moderate
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Network
1

CVE-2020-16205

Disclosure Date: August 14, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

Add Assessment

2
Ratings
Technical Analysis

The server GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware versions 1.12.13.2 and 1.12.14.5 is vulnerable to command injection when the type GET parameter is set to ntp. Attackers who successfully exploit this vulnerability can gain remote code execution as the root user, meaning that this a perfect vulnerability for attackers looking to gain an initial foothold into a network.

Additionally as these are security cameras, I imagine there are a lot of nasty things one could potentially do with these devices related to spying on companies and operations that could pave the way to more crimes down the line. So the effects of this attack on an enterprise could potentially go beyond just a network breach.

Fortunately this is an authenticated attack and it requires valid login credentials to exploit. Unfortunately though, these are the types of devices that people tend to set up and then forget about until its needed, so I wouldn’t be surprised if people were still running these cameras with the default credentials of root and admin.

CVSS V3 Severity and Metrics
Base Score:
7.2 High
Impact Score:
5.9
Exploitability Score:
1.2
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • geutebrueck

Products

  • g-cam ebc-2110 firmware 1.12.0.25,
  • g-cam ebc-2110 firmware 1.12.13.2,
  • g-cam ebc-2110 firmware 1.12.14.5,
  • g-cam ebc-2111 firmware 1.12.0.25,
  • g-cam ebc-2111 firmware 1.12.13.2,
  • g-cam ebc-2111 firmware 1.12.14.5,
  • g-cam efd-2240 firmware 1.12.0.25,
  • g-cam efd-2240 firmware 1.12.13.2,
  • g-cam efd-2240 firmware 1.12.14.5,
  • g-cam efd-2241 firmware 1.12.0.25,
  • g-cam efd-2241 firmware 1.12.13.2,
  • g-cam efd-2241 firmware 1.12.14.5,
  • g-cam efd-2250 firmware 1.12.0.25,
  • g-cam efd-2250 firmware 1.12.13.2,
  • g-cam efd-2250 firmware 1.12.14.5,
  • g-cam ethc-2230 firmware 1.12.0.25,
  • g-cam ethc-2230 firmware 1.12.13.2,
  • g-cam ethc-2230 firmware 1.12.14.5,
  • g-cam ethc-2239 firmware 1.12.0.25,
  • g-cam ethc-2239 firmware 1.12.13.2,
  • g-cam ethc-2239 firmware 1.12.14.5,
  • g-cam ethc-2240 firmware 1.12.0.25,
  • g-cam ethc-2240 firmware 1.12.13.2,
  • g-cam ethc-2240 firmware 1.12.14.5,
  • g-cam ethc-2249 firmware 1.12.0.25,
  • g-cam ethc-2249 firmware 1.12.13.2,
  • g-cam ethc-2249 firmware 1.12.14.5,
  • g-cam ewpc-2270 firmware 1.12.0.25,
  • g-cam ewpc-2270 firmware 1.12.13.2,
  • g-cam ewpc-2270 firmware 1.12.14.5,
  • g-code eec-2400 firmware 1.12.0.25,
  • g-code eec-2400 firmware 1.12.13.2,
  • g-code eec-2400 firmware 1.12.14.5

Additional Info

Technical Analysis