Geutebrück released new firmware to mitigate cross-site scripting and OS command injection vulnerabilities in its G-Cam and G-Code products, according to a report from NCCIC.
Successful exploitation of these remotely exploitable vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator.
Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities.
Geutebruck reports the vulnerabilities affect the following Encoder and E2 Series Camera versions and models:
• G-Code: All versions 18.104.22.168 and prior
• G-Cam: All versions 22.214.171.124 and prior
In one issue, a cross-site scripting vulnerability allows a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.
CVE-2019-10957 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.8.
In addition, using a specially crafted URL command, a remote authenticated user can execute commands as root.
CVE-2019-10956 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.
Also, user input is not properly validated, which could allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.
CVE-2019-10958 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.
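The two flaw classes above, unvalidated input reaching a root shell through the network configuration and stored script in event configuration, come down to the same defensive rule: validate against an allow-list and never let user text reach a shell or a page unescaped. The following is an added example written for this article, not Geutebrück firmware code; the interface names, field names and function names are assumptions.

```python
import html
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_HOST_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Hypothetical allow-list of interfaces a camera would expose in its network settings.
_INTERFACES = {"eth0", "eth1"}

class InvalidSetting(ValueError):
    """Raised when a submitted configuration value fails validation."""

def validate_ip(value: str) -> str:
    """Accept only a syntactically valid IPv4/IPv6 address and return its canonical form."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError as exc:
        raise InvalidSetting(f"not an IP address: {value!r}") from exc

def validate_hostname(value: str) -> str:
    """Accept only an RFC 1123 hostname, so shell metacharacters can never get through."""
    value = value.strip()
    if not value or len(value) > 253 or not all(_HOST_LABEL.match(l) for l in value.split(".")):
        raise InvalidSetting(f"not a hostname: {value!r}")
    return value

def unsafe_command(iface: str, addr: str) -> str:
    # Vulnerable pattern: raw form input interpolated into a string that a shell will parse.
    return f"ifconfig {iface} {addr}"

def safe_command(iface: str, addr: str) -> list:
    """Hardened pattern: allow-list the interface, validate the address, return an argv list."""
    if iface not in _INTERFACES:
        raise InvalidSetting(f"unknown interface: {iface!r}")
    # Pass this list to subprocess.run(argv, shell=False); no shell ever sees the input.
    return ["ifconfig", iface, validate_ip(addr)]

def render_event_label(name: str) -> str:
    """Stored-XSS defence for event configuration: escape on output, never trust stored text."""
    return html.escape(name, quote=True)

def check_network_form(iface: str, addr: str, hostname: str) -> str:
    """Return an empty string when the form is acceptable, otherwise the rejection reason."""
    try:
        safe_command(iface, addr)
        validate_hostname(hostname)
    except InvalidSetting as exc:
        return str(exc)
    return ""
```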
The product sees use in the commercial facilities, energy, financial services, government facilities, healthcare and public health, and transportation systems sectors. It is deployed worldwide.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.
Germany-based Geutebruck recommends users upgrade to the latest firmware, Version 126.96.36.199 or later (Login Required).
Geutebruck also released a security advisory (Login Required).