OTPulse

Geutebrück IP Cameras

Act Now · 9.8 · ICS-CERT ICSA-17-045-02 · Feb 14, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

The Geutebrück G-Cam/EFD-2250 IP camera contains authentication bypass and remote command execution vulnerabilities (CWE-288, CWE-78). An unauthenticated attacker on the network can send specially crafted requests to the camera's HTTP interface to execute arbitrary system commands with full privileges. Firmware version 1.11.0.12 is affected. The vendor has not released a patch and does not plan to fix this vulnerability, as the product is end-of-life.

What this means
What could happen
An attacker without authentication can remotely execute arbitrary commands on the camera, potentially allowing them to intercept video feeds, modify security recordings, or disable surveillance at critical facility entry points.
Who's at risk
Security and surveillance operations at water authorities, electric utilities, and other critical infrastructure that rely on Geutebrück IP cameras (G-Cam/EFD-2250 models) for physical access monitoring and facility surveillance. Any facility using these cameras for entry control, perimeter monitoring, or evidence recording should treat this as a facility security issue, not just an IT issue.
How it could be exploited
An attacker sends a specially crafted network request to the camera's web interface (port 80/443) with no authentication required. The vulnerable request parameters execute system commands directly on the device's operating system, giving the attacker full control over the camera process.
Prerequisites
  • Network access to the camera's HTTP/HTTPS port (80 or 443)
  • No authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High EPSS score (84.8%)
  • No patch available (end-of-life product)
  • Affects physical security systems
Exploitability
High exploit probability (EPSS 84.8%)
Affected products (1)
Product           Affected Versions   Fix Status
G-Cam/EFD-2250    1.11.0.12           No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Isolate or disable Geutebrück IP cameras until a security assessment is completed and compensating controls are implemented
  • HARDENING: Implement firewall rules to restrict network access to cameras: block external/untrusted network access, limit internal access to authorized security monitoring workstations only
  • HARDENING: If cameras must remain in service, segment them to a dedicated isolated VLAN with strict egress filtering, so that an attacker who gains command execution cannot exfiltrate data
  • HARDENING: Monitor camera network traffic for suspicious outbound connections or data transfers
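
The access restriction, egress filtering and outbound monitoring items above can be checked against connection logs. The following is an added example, not part of the advisory or any vendor tooling; the subnet, workstation addresses, NTP exception and log layout are all assumptions chosen for illustration.

```python
import ipaddress

ip = ipaddress.ip_address
# Assumed addressing for illustration; none of these values come from the advisory.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")      # dedicated camera VLAN
ALLOWED_CLIENTS = {ip("10.20.1.10"), ip("10.20.1.11")}  # monitoring workstations
ALLOWED_EGRESS = {(ip("10.20.1.1"), 123)}               # e.g. internal NTP server

# Constructed connection records, one per line:
# originator IP, originator port, responder IP, responder port.
SAMPLE_FLOWS = """\
10.20.1.10 51514 10.20.30.5 443
10.20.7.99 40022 10.20.30.5 80
10.20.30.5 39000 203.0.113.7 4444
10.20.1.11 51800 10.20.30.6 80
10.20.30.6 123 10.20.1.1 123
"""

def audit_flows(text):
    """Return (line_no, kind, src, dst, dport) for connections that break policy."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            s, _sport, d, dport = line.split()
            src, dst, dport = ip(s), ip(d), int(dport)
        except ValueError:
            # Malformed records are reported rather than silently dropped.
            findings.append((n, "unparseable", None, None, None))
            continue
        src_cam, dst_cam = src in CAMERA_NET, dst in CAMERA_NET
        if dst_cam and not src_cam and src not in ALLOWED_CLIENTS:
            # Something other than a monitoring workstation reached a camera.
            findings.append((n, "unauthorized-inbound", str(src), str(dst), dport))
        elif src_cam and not dst_cam and (dst, dport) not in ALLOWED_EGRESS:
            # A camera opened a connection that egress policy does not allow.
            findings.append((n, "camera-egress", str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Any "camera-egress" finding deserves attention on its own, since a fixed-function camera has few legitimate reasons to originate connections.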
Mitigations - no patch available
G-Cam/EFD-2250 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Plan replacement of G-Cam/EFD-2250 units with camera systems from vendors that provide security updates