CVE-2018-19007

CRITICAL

Geutebrueck E2 Camera Series < 1.12.0.25 - OS Command Injection via DDNS Configuration

Title source: llm
STIX 2.1

Description

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106208
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03

Scores

CVSS v3 9.8
EPSS 0.0388
EPSS Percentile 88.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
geutebrueck/g-cam\/efd-2251_firmware < 1.12.0.25
geutebrueck/g-cam\/ewpc-2275_firmware < 1.12.0.25
Published Dec 14, 2018
Tracked Since Feb 18, 2026