CVE-2020-16205

HIGH

Geutebruck G-Cam and G-Code Firmware <= 1.12.0.25 - Authenticated Remote Command Execution via Crafted URL


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-16205. PoCs published by Davy Douhine, including Metasploit module exploits/linux/http/geutebruck_testaction_exec.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated command injection vulnerability in Geutebruck cameras via the 'server' parameter in testaction.cgi when 'type' is set to 'ntp'. It achieves remote code execution as root by injecting a payload into the GET request.

Description

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

Exploits (1)

metasploit · WORKING POC · EXCELLENT
by Davy Douhine · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/geutebruck_testaction_exec.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Geutebruck G-Cam EEC-2xxx, G-Code EBC-21xx, EFD-22xx, ETHC-22xx, EWPC-22xx (firmware <= 1.12.0.25, 1.12.13.2, 1.12.14.5)
Auth required
Prerequisites: Valid credentials (default: root/admin) · Network access to the target device
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03

Scores

CVSS v3 7.2
EPSS 0.6044
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-78
Status published
Products (33)
geutebrueck/g-cam_ebc-2110_firmware 1.12.0.25
geutebrueck/g-cam_ebc-2110_firmware 1.12.13.2
geutebrueck/g-cam_ebc-2110_firmware 1.12.14.5
geutebrueck/g-cam_ebc-2111_firmware 1.12.0.25
geutebrueck/g-cam_ebc-2111_firmware 1.12.13.2
geutebrueck/g-cam_ebc-2111_firmware 1.12.14.5
geutebrueck/g-cam_efd-2240_firmware 1.12.0.25
geutebrueck/g-cam_efd-2240_firmware 1.12.13.2
geutebrueck/g-cam_efd-2240_firmware 1.12.14.5
geutebrueck/g-cam_efd-2241_firmware 1.12.0.25
... and 23 more
Published Aug 14, 2020
Tracked Since Feb 18, 2026