CVE-2020-16205
HIGH
Geutebrueck G-cam Ebc-2110 Firmware - OS Command Injection
Title source: ruleDescription
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Davy Douhine · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/geutebruck_testaction_exec.rb
Scores
CVSS v3: 7.2
EPSS: 0.5518
EPSS Percentile: 98.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (33)
geutebrueck/g-cam_ebc-2110_firmware 1.12.0.25
geutebrueck/g-cam_ebc-2110_firmware 1.12.13.2
geutebrueck/g-cam_ebc-2110_firmware 1.12.14.5
geutebrueck/g-cam_ebc-2111_firmware 1.12.0.25
geutebrueck/g-cam_ebc-2111_firmware 1.12.13.2
geutebrueck/g-cam_ebc-2111_firmware 1.12.14.5
geutebrueck/g-cam_efd-2240_firmware 1.12.0.25
geutebrueck/g-cam_efd-2240_firmware 1.12.13.2
geutebrueck/g-cam_efd-2240_firmware 1.12.14.5
geutebrueck/g-cam_efd-2241_firmware 1.12.0.25
... and 23 more
Published: Aug 14, 2020
Tracked Since: Feb 18, 2026