CVE-2020-16205

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2020-16205
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 Third Party Advisory US Government Resource
http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html Exploit Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:1.12.14.5:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.0.25:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.13.2:*:*:*:*:*:*:*
cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:1.12.14.5:*:*:*:*:*:*:*
OR cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*
cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*
Information

Published : 2020-08-14 07:15

Updated : 2020-08-19 14:32

NVD link : CVE-2020-16205

Mitre link : CVE-2020-16205

JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa
Products Affected

geutebrueck

  • g-cam_efd-2250_firmware
  • g-cam_ethc-2249
  • g-cam_ewpc-2270_firmware
  • g-cam_efd-2241_firmware
  • g-cam_ethc-2230_firmware
  • g-cam_ebc-2110
  • g-code_eec-2400
  • g-cam_ethc-2230
  • g-cam_efd-2250
  • g-cam_ethc-2239
  • g-cam_ethc-2240_firmware
  • g-cam_ebc-2111
  • g-cam_ethc-2240
  • g-cam_ebc-2110_firmware
  • g-cam_efd-2240_firmware
  • g-cam_efd-2241
  • g-cam_ethc-2239_firmware
  • g-cam_ebc-2111_firmware
  • g-cam_efd-2240
  • g-cam_ewpc-2270
  • g-code_eec-2400_firmware
  • g-cam_ethc-2249_firmware