Geutebruck IP Cameras Vulnerabilities
ATTENTION: Exploitable remotely/low skill level to exploit.
Vendor: Geutebrück
Equipment: IP Cameras
Vulnerabilities: Improper Authentication, SQL Injection, Cross-Site Request Forgery, Improper Access Control, Server-Side Request Forgery, Cross-site Scripting
AFFECTED PRODUCTS
Geutebrück reports that the vulnerabilities affect the following IP cameras:
- G-Cam/EFD-2250 (part n° 5.02024) firmware version 1.12.0.4, and
- Topline TopFD-2125 (part n° 5.02820) firmware version 3.15.1
IMPACT
Successful exploitation of these vulnerabilities could allow an attacker to proxy network scans, access a database, add an unauthorized user to the system, download the full configuration including passwords, and execute code remotely.
MITIGATION
Geutebrück recommends G-Cam/EFD-2250 users download and update to the newest firmware version, 1.12.0.19, by registering for a new WebClub account, or by logging into an existing account at the following location:
https://www.geutebrueck.com//en_EN/login.html
Topline users can visit the previous link for workaround advice and contact information regarding the vulnerabilities associated with the device.

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.