BID:106208

Geutebrück GmbH E2 Series IP Cameras CVE-2018-19007 OS Command Injection Vulnerability

CVE-2018-19007 |

Info

Geutebrück GmbH E2 Series IP Cameras CVE-2018-19007 OS Command Injection Vulnerability

Bugtraq ID:	106208
Class:	Input Validation Error
CVE:	CVE-2018-19007
Remote:	Yes
Local:	No
Published:	Dec 14 2018 12:00AM
Updated:	Dec 14 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Geutebrück GmbH E2 series camera 1.12

Not Vulnerable:	Geutebrück GmbH E2 series camera 1.12.0.25

Discussion

Geutebrück GmbH E2 Series IP Cameras CVE-2018-19007 OS Command Injection Vulnerability

GeutebrÃ¼ck GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability.

An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Versions prior to E2 series cameras 1.12.0.25 are vulnerable.

Exploit / POC

Geutebrück GmbH E2 Series IP Cameras CVE-2018-19007 OS Command Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Geutebrück GmbH E2 Series IP Cameras CVE-2018-19007 OS Command Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Geutebrück GmbH E2 Series IP Cameras CVE-2018-19007 OS Command Injection Vulnerability

References:

Geutebrück Homepage (Geutebrück)
ICSA-18-347-03: Geutebrück GmbH E2 Series IP Cameras (CERT)