CVE-2025-12463
📋 TL;DR
An unauthenticated SQL injection vulnerability in Geutebruck G-Cam E-Series cameras allows attackers to execute arbitrary SQL commands via the Group parameter in the Param.cgi script. This affects EFD-2130 cameras running firmware version 1.12.0.19 and potentially other models in the series. Attackers can exploit this without credentials to potentially gain full control of affected devices.
💻 Affected Systems
- Geutebruck G-Cam E-Series Cameras
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of camera system leading to device takeover, data exfiltration, lateral movement to internal networks, and persistent backdoor installation.
Likely Case
Unauthorized access to camera feeds, configuration modification, credential theft, and denial of service.
If Mitigated
Limited impact if cameras are isolated in separate VLANs with strict network segmentation and egress filtering.
🎯 Exploit Status
Exploitation requires simple HTTP requests with SQL injection payloads. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: Yes
Instructions:
1. Check Geutebruck security advisories for firmware updates. 2. Download latest firmware from vendor portal. 3. Backup camera configuration. 4. Upload firmware via web interface. 5. Reboot camera after update.
🔧 Temporary Workarounds
Network Segmentation
allIsolate cameras in separate VLAN with strict firewall rules
Web Application Firewall
allDeploy WAF with SQL injection protection rules
🧯 If You Can't Patch
- Block external access to camera web interfaces at network perimeter
- Implement strict input validation at proxy level for /uapi-cgi/viewer/Param.cgi endpoints
🔍 How to Verify
Check if Vulnerable:
Send HTTP GET request to /uapi-cgi/viewer/Param.cgi?Group=' OR '1'='1 and check for SQL error responses or unexpected dataCheck Version:
Check firmware version in camera web interface under System > InformationVerify Fix Applied:
Test same payload after patching - should return proper error or no data instead of SQL errors📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in web logs
- Multiple failed authentication attempts from single IP
- Unexpected parameter values in Param.cgi requests
Network Indicators:
- HTTP requests to /uapi-cgi/viewer/Param.cgi with SQL keywords in parameters
- Unusual outbound connections from cameras
SIEM Query:
source="camera_logs" AND (uri="/uapi-cgi/viewer/Param.cgi" AND (param="Group" AND value CONTAINS "' OR" OR value CONTAINS "UNION" OR value CONTAINS "SELECT"))