A few weeks ago we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions” and found a RCE affecting version 18.104.22.168 and prior versions of E2 series IP cameras.
In fact it is the third time we find a a RCE on this product line. One in 2016, another one in 2017 and now a new one in 2018.
Like before we’ve choose to “responsible disclose” this 0day vulnerability, directly to Geutebruck and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). Since then a new firmware has been released (22.214.171.124) to fix that, ICS-CERT has released an advisory and a CVE (CVE-2018-19007) have been assigned.
Many thanks to Geutebruck and ICS-CERT teams.
“Successful exploitation of this vulnerability may allow a remote attacker to inject OS commands as root.”.
Geutebruck has released a new software version, Version 126.96.36.199, to address the identified vulnerability, which is available at the following location (registration needed):
If an update is not possible right now in between users can disable the “Enable anonymous access” option to mitigate the risk. The RCEs will remain but will only be reachable by authenticated users.
In the wild
Many brands use the same firmware (and are vulnerable too):
- UDP Technology (which is also the supplier of the firmware for the other vendors)
- THRIVE Intelligence