CVE-2019-10957

Name of the Vulnerable Software and Affected Versions Geutebruck IP Cameras G-Code(EEC-2xxx) versions 1.12.0.25 and prior Geutebruck IP Cameras G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx) versions 1.12.0.25 and prior

Description The issue allows a remote authenticated attacker with access to event configuration to store malicious code on the server. This malicious code could later be triggered by a legitimate user, resulting in code execution within the user’s browser.

Recommendations For Geutebruck IP Cameras G-Code(EEC-2xxx) versions 1.12.0.25 and prior, update to a version later than 1.12.0.25 to resolve the issue. For Geutebruck IP Cameras G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx) versions 1.12.0.25 and prior, update to a version later than 1.12.0.25 to resolve the issue. As a temporary workaround, consider restricting access to event configuration to minimize the risk of exploitation.