CVE-2018-19007

Опубликовано: 14 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.

Ссылки

http://www.securityfocus.com/bid/106208
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03
Mitigation
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/106208
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-347-03
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:geutebrueck:g-cam\/efd-2251_firmware:*:*:*:*:*:*:*:*

Версия до 1.12.0.25 (исключая)

cpe:2.3:h:geutebrueck:g-cam\/efd-2251:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:geutebrueck:g-cam\/ewpc-2275_firmware:*:*:*:*:*:*:*:*

Версия до 1.12.0.25 (исключая)

cpe:2.3:h:geutebrueck:g-cam\/ewpc-2275:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.0154

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-jp9c-gmhj-f22f