ID CVE-2017-5173
Summary An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.
References
Vulnerable Configurations
  • cpe:2.3:o:geutebruck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:geutebruck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12:*:*:*:*:*:*:*
  • cpe:2.3:h:geutebruck:ip_camera_g-cam_efd-2250:-:*:*:*:*:*:*:*
    cpe:2.3:h:geutebruck:ip_camera_g-cam_efd-2250:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 01-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-943
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 96209
exploit-db 41360
misc https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02
Last major update 01-09-2017 - 01:29
Published 19-05-2017 - 03:29
Back to Top