Geutebruck users are being urged to update after numerous critical vulnerabilities were discovered in the IoT devices.
Updates have been issued after at least two Geutebruck security cameras were discovered to contain serious vulnerabilities that could lead to remote code execution (RCE).
Two internet protocol (IP) cameras made by the German company were littered with security flaws, which were described as being critically “dangerous” and easy to exploit.
Vulnerabilities included cross-site scripting (XSS), SQL injection, improper access control, and authentication vulnerabilities, which could lead to RCE.
These issues affect the G-Cam/EFD-2250 (version 1.12.0.4) and Topline TopFD-2125 (version 3.15.1).
The bugs were discovered by researchers Davy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock, who added that they require little skill to exploit.
The US Homeland Security branch ICS-CERT also issued a warning about the security flaws.
All of the vulnerabilities received high CVSS scores, with one rated 9.8 out of 10.
The ICS-CERT report read: “Successful exploitation of these vulnerabilities could lead to proxy network scans, access to a database, adding an unauthorized user to the system, full configuration download including passwords, and remote code execution.”
An updated version (1.12.0.19) has already been issued to address these vulnerabilities.
Researchers advised users who are not yet running the new software not to connect the cameras to the internet until they are fully updated.
IoT safety
This latest report raises ongoing concerns about the safety of using Internet of Things (IoT) devices.
A report released by research firm Gartner this week forecasts that $1.5 billion will be spent on increasing the security of IoT devices in 2018.
As the popularity of smart tech continues to rise, so does the risk of these devices being compromised by a third party.
The Cybersecurity Research Institute in Japan has also warned about the risks surrounding the use of IoT gadgets.
A report earlier this year stated: “IoT devices could potentially be turned into eavesdropping mechanisms that capture biometric data like fingerprints, voices and faces that access and control them.”