TROYANOSYVIRUS
Voltar para CVEs

CVE-2021-33547

HIGH
7.2

Descricao

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

Detalhes CVE

Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado9/13/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

geutebrueck:g-cam_ebc-2110geutebrueck:g-cam_ebc-2110_firmwaregeutebrueck:g-cam_ebc-2111geutebrueck:g-cam_ebc-2111_firmwaregeutebrueck:g-cam_ebc-2112geutebrueck:g-cam_ebc-2112_firmwaregeutebrueck:g-cam_efd-2241geutebrueck:g-cam_efd-2241_firmwaregeutebrueck:g-cam_efd-2250geutebrueck:g-cam_efd-2250_firmwaregeutebrueck:g-cam_efd-2251geutebrueck:g-cam_efd-2251_firmwaregeutebrueck:g-cam_ethc-2230geutebrueck:g-cam_ethc-2230_firmwaregeutebrueck:g-cam_ethc-2239geutebrueck:g-cam_ethc-2239_firmwaregeutebrueck:g-cam_ethc-2240geutebrueck:g-cam_ethc-2240_firmwaregeutebrueck:g-cam_ethc-2249geutebrueck:g-cam_ethc-2249_firmwaregeutebrueck:g-cam_ewpc-2270geutebrueck:g-cam_ewpc-2270_firmwaregeutebrueck:g-cam_ewpc-2271geutebrueck:g-cam_ewpc-2271_firmwaregeutebrueck:g-cam_ewpc-2275geutebrueck:g-cam_ewpc-2275_firmwaregeutebrueck:g-code_eec-2400geutebrueck:g-code_eec-2400_firmwaregeutebrueck:g-code_een-2010geutebrueck:g-code_een-2010_firmwaregeutebrueck:g-code_een-2040geutebrueck:g-code_een-2040_firmware

Fraquezas (CWE)

CWE-121

Referencias

https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03(info@cert.vde.com)
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/(info@cert.vde.com)
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03(af854a3a-2127-422b-91ae-364da2661108)
https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.