CVE-2020-16205

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-16205

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

U

sing a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

References
Link Resource
http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html Exploit Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 Third Party Advisory US Government Resource
http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html Exploit Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.14.5:*:*:*:*:*:*:*
OR cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*
History

21 Nov 2024, 05:06

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html - Exploit, Third Party Advisory () http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html - Exploit, Third Party Advisory
References () https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 - Third Party Advisory, US Government Resource
Information

Published : 2020-08-14 14:15

Updated : 2024-11-21 05:06

NVD link : CVE-2020-16205

Mitre link : CVE-2020-16205

CVE.ORG link : CVE-2020-16205

JSON object : View

Products Affected

geutebrueck

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')