Sign-up

ID

VAR-201705-3256


CVE

CVE-2017-5174


TITLE

Geutebruck IP Camera G-Cam/EFD-2250 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004264

DESCRIPTION

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition. G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company

Trust: 2.79

sources: NVD: CVE-2017-5174 // JVNDB: JVNDB-2017-004264 // CNVD: CNVD-2017-01888 // BID: 96209 // IVD: 409c1fe8-a44c-4075-b30d-bc6e6046c75f // VULHUB: VHN-113377 // VULMON: CVE-2017-5174

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 409c1fe8-a44c-4075-b30d-bc6e6046c75f // CNVD: CNVD-2017-01888

AFFECTED PRODUCTS

vendor:geutebruckmodel:ip camera g-cam efd-2250scope:eqversion:1.11.0.12

Trust: 1.6

vendor:geutebruckmodel:g-cam/efd-2250scope:eqversion:1.11.0.12

Trust: 1.1

vendor:geutebrueckmodel:g-cam/efd-2250scope:eqversion:1.11.0.12

Trust: 0.6

vendor:ip camera g cam efd 2250model: - scope:eqversion:1.11.0.12

Trust: 0.2

sources: IVD: 409c1fe8-a44c-4075-b30d-bc6e6046c75f // CNVD: CNVD-2017-01888 // BID: 96209 // JVNDB: JVNDB-2017-004264 // CNNVD: CNNVD-201702-610 // NVD: CVE-2017-5174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5174
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5174
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-01888
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-610
value: CRITICAL

Trust: 0.6

IVD: 409c1fe8-a44c-4075-b30d-bc6e6046c75f
value: CRITICAL

Trust: 0.2

VULHUB: VHN-113377
value: HIGH

Trust: 0.1

VULMON: CVE-2017-5174
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5174
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-01888
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 409c1fe8-a44c-4075-b30d-bc6e6046c75f
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113377
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5174
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 409c1fe8-a44c-4075-b30d-bc6e6046c75f // CNVD: CNVD-2017-01888 // VULHUB: VHN-113377 // VULMON: CVE-2017-5174 // JVNDB: JVNDB-2017-004264 // CNNVD: CNNVD-201702-610 // NVD: CVE-2017-5174

PROBLEMTYPE DATA

problemtype:CWE-288

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-113377 // JVNDB: JVNDB-2017-004264 // NVD: CVE-2017-5174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-610

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-610

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004264

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-113377 // 
            
            
            
            VULMON: CVE-2017-5174

PATCH
title:Top Pageurl:https://www.geutebrueck.com/en_EN.html
Trust: 0.8
title:Geutebruck G-Cam/EFD-2250 authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/89708
Trust: 0.6
title:Geutebrück G-Cam/EFD-2250 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68205
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-01888 // 
            
            
            
            JVNDB: JVNDB-2017-004264 // 
            
            
            
            CNNVD: CNNVD-201702-610

EXTERNAL IDS
db:NVDid:CVE-2017-5174
Trust: 3.7
db:ICS CERTid:ICSA-17-045-02
Trust: 2.9
db:BIDid:96209
Trust: 2.7
db:EXPLOIT-DBid:41360
Trust: 1.8
db:CNNVDid:CNNVD-201702-610
Trust: 0.9
db:CNVDid:CNVD-2017-01888
Trust: 0.8
db:JVNDBid:JVNDB-2017-004264
Trust: 0.8
db:IVDid:409C1FE8-A44C-4075-B30D-BC6E6046C75F
Trust: 0.2
db:VULHUBid:VHN-113377
Trust: 0.1
db:VULMONid:CVE-2017-5174
Trust: 0.1
sources:
            
            
            IVD: 409c1fe8-a44c-4075-b30d-bc6e6046c75f // 
            
            
            
            CNVD: CNVD-2017-01888 // 
            
            
            
            VULHUB: VHN-113377 // 
            
            
            
            VULMON: CVE-2017-5174 // 
            
            
            
            BID: 96209 // 
            
            
            
            JVNDB: JVNDB-2017-004264 // 
            
            
            
            CNNVD: CNNVD-201702-610 // 
            
            
            
            NVD: CVE-2017-5174

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-045-02
Trust: 2.7
url:http://www.securityfocus.com/bid/96209
Trust: 2.4
url:https://www.exploit-db.com/exploits/41360/
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5174
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5174
Trust: 0.8
url:http://www.geutebrueck.com/en_en/product-overview-31934.html
Trust: 0.3
url:https://ics-cert.us-cert.gov/advisories/icsa-17-045-02 
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=52663
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01888 // 
            
            
            
            VULHUB: VHN-113377 // 
            
            
            
            VULMON: CVE-2017-5174 // 
            
            
            
            BID: 96209 // 
            
            
            
            JVNDB: JVNDB-2017-004264 // 
            
            
            
            CNNVD: CNNVD-201702-610 // 
            
            
            
            NVD: CVE-2017-5174

CREDITS
Florent Montel, Frederic Cikala, and Davy Douhine of RandoriSec
Trust: 0.3
sources:
            
            
            BID: 96209

SOURCES
db:IVDid:409c1fe8-a44c-4075-b30d-bc6e6046c75f
db:CNVDid:CNVD-2017-01888
db:VULHUBid:VHN-113377
db:VULMONid:CVE-2017-5174
db:BIDid:96209
db:JVNDBid:JVNDB-2017-004264
db:CNNVDid:CNNVD-201702-610
db:NVDid:CVE-2017-5174

LAST UPDATE DATE
2024-11-23T22:13:01.847000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01888date:2017-02-24T00:00:00
db:VULHUBid:VHN-113377date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-5174date:2019-10-03T00:00:00
db:BIDid:96209date:2017-03-07T04:02:00
db:JVNDBid:JVNDB-2017-004264date:2017-06-21T00:00:00
db:CNNVDid:CNNVD-201702-610date:2019-10-23T00:00:00
db:NVDid:CVE-2017-5174date:2024-11-21T03:27:12.083

SOURCES RELEASE DATE
db:IVDid:409c1fe8-a44c-4075-b30d-bc6e6046c75fdate:2017-02-24T00:00:00
db:CNVDid:CNVD-2017-01888date:2017-02-24T00:00:00
db:VULHUBid:VHN-113377date:2017-05-19T00:00:00
db:VULMONid:CVE-2017-5174date:2017-05-19T00:00:00
db:BIDid:96209date:2017-02-14T00:00:00
db:JVNDBid:JVNDB-2017-004264date:2017-06-21T00:00:00
db:CNNVDid:CNNVD-201702-610date:2017-02-20T00:00:00
db:NVDid:CVE-2017-5174date:2017-05-19T03:29:00.230