Vulnerability Details : CVE-2021-33548
Public exploit exists!
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2021-33548
EPSS score: 97.08% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2021-33548
- Geutebruck Multiple Remote Command Execution
  Disclosure Date: 2021-07-08
  First seen: 2022-12-23
  exploit/linux/http/geutebruck_cmdinject_cve_2021_335xx
  This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EF
CVSS scores for CVE-2021-33548
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | CERT VDE | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2021-33548
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by:
  - info@cert.vde.com (Primary)
  - nvd@nist.gov (Secondary)
References for CVE-2021-33548
- https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
  Geutebrück G-Cam E2 and G-Code | CISA (Third Party Advisory; US Government Resource)
- https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/
  UDP Technology IP Camera vulnerabilities (Exploit; Third Party Advisory)
Products affected by CVE-2021-33548
- cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Eec-2400
- cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Eec-2400
- cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Eec-2400
- cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2110
- cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2110
- cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2110
- cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2111
- cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2111
- cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2111
- cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2241
- cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2241
- cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2241
- cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2250
- cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2250
- cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2250
- cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2230
- cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2230
- cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2230
- cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2240
- cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2240
- cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2240
- cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2239
- cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2239
- cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2239
- cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2249
- cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2249
- cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ethc-2249
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2270
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2270
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2270
- cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Een-2010
- cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Een-2010
- cpe:2.3:o:geutebrueck:g-code_een-2010_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Een-2010
- cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Een-2040
- cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Een-2040
- cpe:2.3:o:geutebrueck:g-code_een-2040_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-code Een-2040
- cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2112
- cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2112
- cpe:2.3:o:geutebrueck:g-cam_ebc-2112_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ebc-2112
- cpe:2.3:o:geutebrueck:g-cam_efd-2251_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2251
- cpe:2.3:o:geutebrueck:g-cam_efd-2251_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2251
- cpe:2.3:o:geutebrueck:g-cam_efd-2251_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Efd-2251
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2275_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2275
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2275_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2275
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2275_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2275
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2271_firmware:*:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2271
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2271_firmware:1.12.13.2:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2271
- cpe:2.3:o:geutebrueck:g-cam_ewpc-2271_firmware:1.12.14.5:*:*:*:*:*:*:* When used together with: Geutebrueck » G-cam Ewpc-2271