This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 18.104.22.168 and below as well as firmware versions 22.214.171.124 and 126.96.36.199. Successful exploitation results in remote code execution as the root user.
Geutebruck Remote Command Execution
Geutebruck Multiple Remote Command Execution
UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root
UDP Technology IP Camera Command Injection (CVE-2021-33544)