{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-33553","assignerOrgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","assignerShortName":"CERTVDE","datePublished":"2021-09-13T17:55:48.174Z","dateUpdated":"2024-09-16T20:17:28.205Z","dateReserved":"2021-05-24T00:00:00.000Z"},"containers":{"cna":{"title":"UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE","datePublic":"2021-08-31T00:00:00.000Z","providerMetadata":{"orgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","shortName":"CERTVDE","dateUpdated":"2022-11-02T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code."}],"affected":[{"vendor":"Geutebrück","product":"E2 Series","versions":[{"version":"EBC-21xx 1.12.13.2","status":"affected"},{"version":"EBC-21xx 1.12.14.5","status":"affected"},{"version":"EFD-22xx 1.12.13.2","status":"affected"},{"version":"EFD-22xx 1.12.14.5","status":"affected"},{"version":"ETHC-22xx 1.12.13.2","status":"affected"},{"version":"ETHC-22xx 1.12.14.5","status":"affected"},{"version":"EWPC-22xx 1.12.13.2","status":"affected"},{"version":"EWPC-22xx 1.12.14.5","status":"affected"},{"version":"EBC-21xx","status":"affected","lessThanOrEqual":"1.12.0.27","versionType":"custom"},{"version":"EFD-22xx","status":"affected","lessThanOrEqual":"1.12.0.27","versionType":"custom"},{"version":"ETHC-22xx","status":"affected","lessThanOrEqual":"1.12.0.27","versionType":"custom"},{"version":"EWPC-22xx","status":"affected","lessThanOrEqual":"1.12.0.27","versionType":"custom"}]},{"vendor":"Geutebrück","product":"Encoder G-Code","versions":[{"version":"EEC-2xx 1.12.13.2","status":"affected"},{"version":"EEC-2xx 1.12.14.5","status":"affected"},{"version":"EEN-20xx 1.12.13.2","status":"affected"},{"version":"EEN-20xx 1.12.14.5","status":"affected"},{"version":"EEC-2xx","status":"affected","lessThanOrEqual":"1.12.0.27","versionType":"custom"},{"version":"EEN-20xx","status":"affected","lessThanOrEqual":"1.12.0.27","versionType":"custom"}]}],"references":[{"url":"https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03"}],"credits":[{"lang":"en","value":"Titouan Lazard and Ibrahim Ayadhi from RandoriSec reported these vulnerabilities."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","cweId":"CWE-78"}]}],"x_generator":{"engine":"vulnogram 0.1.0-rc1"},"source":{"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T23:50:43.195Z"},"title":"CVE Program Container","references":[{"url":"https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/","tags":["x_transferred"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03","tags":["x_transferred"]}]}]}}