Subscribe via feed.

Geutebruck testaction.cgi Remote Command Execution

Posted by deepcore on August 18, 2020 – 5:43 am

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the ‘server’ GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware versions 1.12.13.2 and 1.12.14.5 when the 'type' GET parameter is set to 'ntp'. Successful exploitation results in remote code execution as the root user.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.