CVE-2018-19007

moderate-risk
Published 2018-12-14

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.

Do I need to act?

~
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

G-Cam\/Efd-2251 Firmware
G-Cam\/Ewpc-2275 Firmware

Affected Vendors

Geutebrueck

References (4)

Third Party Advisory http://www.securityfocus.com/bid/106208
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03
Third Party Advisory http://www.securityfocus.com/bid/106208
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 5/34 · Minimal
Exposure 7/34 · Low