Vulnerability Details : CVE-2017-5174
An authentication bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 version 1.11.0.12. The existing file system architecture could allow attackers to bypass the access control, which may allow remote code execution.
Vulnerability category: Execute code
Products affected by CVE-2017-5174
- cpe:2.3:o:geutebruck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5174
- 77.44%: Probability of exploitation activity in the next 30 days
- ~98%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5174
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-5174
- A product requires authentication, but the product has an alternate path or channel that does not require authentication. Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2017-5174
- https://www.exploit-db.com/exploits/41360/
  Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit)
- https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02
  Geutebrück IP Cameras | CISA (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/96209
  Geutebruck G-Cam/EFD-2250 Authentication Bypass and Remote Code Execution Vulnerabilities (Third Party Advisory; VDB Entry)