CVE-2021-33543 UDP Technology/Geutebrück camera devices: Authentication Bypass

2021-09-1317:55:32

CWE-306

CERTVDE

www.cve.org

udp technology

geutebrück

camera devices

authentication bypass

remote access

sensitive files

default user authentication

manipulation

denial of service

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.

CNA Affected

[
  {
    "product": "E2 Series",
    "vendor": "Geutebrück",
    "versions": [
      {
        "status": "affected",
        "version": "EBC-21xx 1.12.13.2 "
      },
      {
        "status": "affected",
        "version": "EBC-21xx 1.12.14.5"
      },
      {
        "status": "affected",
        "version": "EFD-22xx 1.12.13.2 "
      },
      {
        "status": "affected",
        "version": "EFD-22xx 1.12.14.5"
      },
      {
        "status": "affected",
        "version": "ETHC-22xx 1.12.13.2 "
      },
      {
        "status": "affected",
        "version": "ETHC-22xx 1.12.14.5"
      },
      {
        "status": "affected",
        "version": "EWPC-22xx 1.12.13.2 "
      },
      {
        "status": "affected",
        "version": "EWPC-22xx 1.12.14.5"
      },
      {
        "lessThanOrEqual": "1.12.0.27",
        "status": "affected",
        "version": "EBC-21xx",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.0.27",
        "status": "affected",
        "version": "EFD-22xx",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.0.27",
        "status": "affected",
        "version": "ETHC-22xx",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.0.27",
        "status": "affected",
        "version": "EWPC-22xx",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Encoder G-Code",
    "vendor": "Geutebrück",
    "versions": [
      {
        "status": "affected",
        "version": "EEC-2xx 1.12.13.2 "
      },
      {
        "status": "affected",
        "version": "EEC-2xx 1.12.14.5"
      },
      {
        "status": "affected",
        "version": "EEN-20xx 1.12.13.2 "
      },
      {
        "status": "affected",
        "version": "EEN-20xx 1.12.14.5"
      },
      {
        "lessThanOrEqual": "1.12.0.27",
        "status": "affected",
        "version": "EEC-2xx",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.12.0.27",
        "status": "affected",
        "version": "EEN-20xx",
        "versionType": "custom"
      }
    ]
  }
]