module
Geutebruck Multiple Remote Command Execution
| Disclosed |
|---|
| Jul 8, 2021 |
Disclosed
Jul 8, 2021
Description
This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder
and exploits multiple authenticated arbitrary command execution vulnerabilities within
the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,
EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in
remote code execution as the root user.
and exploits multiple authenticated arbitrary command execution vulnerabilities within
the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx,
EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in
remote code execution as the root user.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.