TROYANOSYVIRUS
Volver a CVEs

CVE-2021-33546

HIGH
7.2

Descripcion

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.

Detalles CVE

Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado9/13/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

geutebrueck:g-cam_ebc-2110geutebrueck:g-cam_ebc-2110_firmwaregeutebrueck:g-cam_ebc-2111geutebrueck:g-cam_ebc-2111_firmwaregeutebrueck:g-cam_ebc-2112geutebrueck:g-cam_ebc-2112_firmwaregeutebrueck:g-cam_efd-2241geutebrueck:g-cam_efd-2241_firmwaregeutebrueck:g-cam_efd-2250geutebrueck:g-cam_efd-2250_firmwaregeutebrueck:g-cam_efd-2251geutebrueck:g-cam_efd-2251_firmwaregeutebrueck:g-cam_ethc-2230geutebrueck:g-cam_ethc-2230_firmwaregeutebrueck:g-cam_ethc-2239geutebrueck:g-cam_ethc-2239_firmwaregeutebrueck:g-cam_ethc-2240geutebrueck:g-cam_ethc-2240_firmwaregeutebrueck:g-cam_ethc-2249geutebrueck:g-cam_ethc-2249_firmwaregeutebrueck:g-cam_ewpc-2270geutebrueck:g-cam_ewpc-2270_firmwaregeutebrueck:g-cam_ewpc-2271geutebrueck:g-cam_ewpc-2271_firmwaregeutebrueck:g-cam_ewpc-2275geutebrueck:g-cam_ewpc-2275_firmwaregeutebrueck:g-code_eec-2400geutebrueck:g-code_eec-2400_firmwaregeutebrueck:g-code_een-2010geutebrueck:g-code_een-2010_firmwaregeutebrueck:g-code_een-2040geutebrueck:g-code_een-2040_firmware

Debilidades (CWE)

CWE-121

Referencias

https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03(info@cert.vde.com)
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/(info@cert.vde.com)
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03(af854a3a-2127-422b-91ae-364da2661108)
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.