ID CVE-2017-5173
Summary An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.
References
Vulnerable Configurations
  • cpe:2.3:o:geutebruck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12
    cpe:2.3:o:geutebruck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12
  • cpe:2.3:h:geutebruck:ip_camera_g-cam_efd-2250
    cpe:2.3:h:geutebruck:ip_camera_g-cam_efd-2250
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-943
CAPEC
exploit-db via4
description Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit). CVE-2017-5173,CVE-2017-5174. Webapps exploit for Hardware platform
file exploits/hardware/webapps/41360.rb
id EDB-ID:41360
last seen 2017-02-15
modified 2017-02-15
platform hardware
port
published 2017-02-15
reporter Exploit-DB
source https://www.exploit-db.com/download/41360/
title Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
type webapps
packetstorm via4
data source https://packetstormsecurity.com/files/download/141142/geutebruck-exec.rb.txt
id PACKETSTORM:141142
last seen 2017-02-18
published 2017-02-17
reporter Davy Douhine
source https://packetstormsecurity.com/files/141142/Geutebruck-testaction.cgi-Remote-Command-Execution.html
title Geutebruck testaction.cgi Remote Command Execution
refmap via4
bid 96209
misc https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02
Last major update 18-05-2017 - 23:29
Published 18-05-2017 - 23:29
Last modified 31-08-2017 - 21:29
Back to Top