SB2021072807 - Multiple vulnerabilities in Geutebrück G-Cam E2 and G-Code




Published: July 28, 2021

Security Bulletin ID: SB2021072807
Severity: High
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

  • High: 8%
  • Low: 92%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2021-33543)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to default user authentication settings. A remote attacker can access sensitive files and gain access to the target system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

2) Command Injection (CVE-ID: CVE-2021-33544)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

3) Stack-based buffer overflow (CVE-ID: CVE-2021-33545)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the counter parameter. A remote administrator can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

4) Stack-based buffer overflow (CVE-ID: CVE-2021-33546)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the name parameter. A remote administrator can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

5) Stack-based buffer overflow (CVE-ID: CVE-2021-33547)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the profile parameter. A remote administrator can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

6) Command Injection (CVE-ID: CVE-2021-33548)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

7) Stack-based buffer overflow (CVE-ID: CVE-2021-33549)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the action parameter. A remote administrator can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

8) Command Injection (CVE-ID: CVE-2021-33550)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

9) Command Injection (CVE-ID: CVE-2021-33551)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

10) Command Injection (CVE-ID: CVE-2021-33552)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

11) Command Injection (CVE-ID: CVE-2021-33553)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

12) Command Injection (CVE-ID: CVE-2021-33554)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Remediation

Install the update from the vendor's website.