Davy Douhine

**Name of the Vulnerable Software and Affected Versions** Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Topline TopFD-2125 version 3.15.1 **Description** An SQL injection issue has been identified, which may allow an attacker to alter stored data. **Recommendations** For Geutebruck G-Cam/EFD-2250 version 1.12.0.4, consider restricting access to the SQL database to minimize the risk of exploitation. For Topline TopFD-2125 version 3.15.1, avoid using user-input data in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Topline TopFD-2125 version 3.15.1 **Description** A server-side request forgery issue has been identified, which could lead to proxied network scans. **Recommendations** For Geutebruck G-Cam/EFD-2250 version 1.12.0.4, restrict access to the camera's network functionality until a patch is available. For Topline TopFD-2125 version 3.15.1, consider disabling the camera's ability to perform network requests as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Topline TopFD-2125 version 3.15.1 **Description** An improper access control issue has been identified, which could allow a full configuration download, including passwords. **Recommendations** For Geutebruck G-Cam/EFD-2250 version 1.12.0.4, update to a newer version that addresses the improper access control issue. For Topline TopFD-2125 version 3.15.1, update to a newer version that addresses the improper access control issue. As a temporary workaround, consider restricting access to the camera's configuration settings until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Topline TopFD-2125 version 3.15.1 **Description** A cross-site request forgery issue has been identified, which may allow an unauthorized user to be added to the system. **Recommendations** For Geutebruck G-Cam/EFD-2250 version 1.12.0.4, update to a newer version that contains a fix for this issue. For Topline TopFD-2125 version 3.15.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Geutebruck G-Cam/EFD-2250 version 1.12.0.4 Topline TopFD-2125 version 3.15.1 **Description** A cross-site scripting issue has been identified, which may allow remote code execution. **Recommendations** For Geutebruck G-Cam/EFD-2250 version 1.12.0.4, at the moment, there is no information about a newer version that contains a fix for this issue. For Topline TopFD-2125 version 3.15.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LOYTEC LVIS-3ME versions prior to 6.2.0 **Description** A Relative Path Traversal issue was discovered in the web user interface, which fails to prevent access to critical files that non-administrative users should not have access to. This could allow an attacker to create or modify files or execute arbitrary code. **Recommendations** For LOYTEC LVIS-3ME versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Digium Asterisk GUI versions 2.1.0 and prior **Description** An issue with improper neutralization of special elements used in an OS command was found, which may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. **Recommendations** For Digium Asterisk GUI versions 2.1.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Geutebruck IP Camera G-Cam/EFD-2250 version 1.11.0.12 **Description** The issue is related to the improper neutralization of special elements in the logic of data requests, which can allow a remote attacker to gain access to the operating system with root privileges and execute arbitrary code. This can potentially lead to remote code execution. **Recommendations** For version 1.11.0.12, consider restricting access to the operating system to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.