Attacker Value
Moderate
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Network
1

CVE-2020-16205

Disclosure Date: August 14, 2020
CVE-2020-16205 CVSS v3 Base Score: 7.2
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

Add Assessment

2
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Easy to weaponizeGives privileged accessVulnerable in default configurationAuthenticated
Technical Analysis

The server GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware versions 1.12.13.2 and 1.12.14.5 is vulnerable to command injection when the type GET parameter is set to ntp. Attackers who successfully exploit this vulnerability can gain remote code execution as the root user, meaning that this a perfect vulnerability for attackers looking to gain an initial foothold into a network.

Additionally as these are security cameras, I imagine there are a lot of nasty things one could potentially do with these devices related to spying on companies and operations that could pave the way to more crimes down the line. So the effects of this attack on an enterprise could potentially go beyond just a network breach.

Fortunately this is an authenticated attack and it requires valid login credentials to exploit. Unfortunately though, these are the types of devices that people tend to set up and then forget about until its needed, so I wouldn’t be surprised if people were still running these cameras with the default credentials of root and admin.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.2 High
Impact Score:
5.9
Exploitability Score:
1.2
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
G-Cam and G-Code Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
exploit/linux/http/geutebruck_testaction_exec
Reporter
Unknown

Vendors

  • geutebrueck

Products

  • g-cam ebc-2110 firmware 1.12.0.25,
  • g-cam ebc-2110 firmware 1.12.13.2,
  • g-cam ebc-2110 firmware 1.12.14.5,
  • g-cam ebc-2111 firmware 1.12.0.25,
  • g-cam ebc-2111 firmware 1.12.13.2,
  • g-cam ebc-2111 firmware 1.12.14.5,
  • g-cam efd-2240 firmware 1.12.0.25,
  • g-cam efd-2240 firmware 1.12.13.2,
  • g-cam efd-2240 firmware 1.12.14.5,
  • g-cam efd-2241 firmware 1.12.0.25,
  • g-cam efd-2241 firmware 1.12.13.2,
  • g-cam efd-2241 firmware 1.12.14.5,
  • g-cam efd-2250 firmware 1.12.0.25,
  • g-cam efd-2250 firmware 1.12.13.2,
  • g-cam efd-2250 firmware 1.12.14.5,
  • g-cam ethc-2230 firmware 1.12.0.25,
  • g-cam ethc-2230 firmware 1.12.13.2,
  • g-cam ethc-2230 firmware 1.12.14.5,
  • g-cam ethc-2239 firmware 1.12.0.25,
  • g-cam ethc-2239 firmware 1.12.13.2,
  • g-cam ethc-2239 firmware 1.12.14.5,
  • g-cam ethc-2240 firmware 1.12.0.25,
  • g-cam ethc-2240 firmware 1.12.13.2,
  • g-cam ethc-2240 firmware 1.12.14.5,
  • g-cam ethc-2249 firmware 1.12.0.25,
  • g-cam ethc-2249 firmware 1.12.13.2,
  • g-cam ethc-2249 firmware 1.12.14.5,
  • g-cam ewpc-2270 firmware 1.12.0.25,
  • g-cam ewpc-2270 firmware 1.12.13.2,
  • g-cam ewpc-2270 firmware 1.12.14.5,
  • g-code eec-2400 firmware 1.12.0.25,
  • g-code eec-2400 firmware 1.12.13.2,
  • g-code eec-2400 firmware 1.12.14.5

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis