CVE-2021-33544

UDP Technology/Geutebrück camera devices: command injection leading to RCE

Basic Information

CVE State: PUBLISHED
Reserved Date: May 24, 2021
Published Date: September 13, 2021
Last Updated: September 16, 2024
Vendor: Geutebrück
Product: E2 Series, Encoder G-Code
Description: Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
Tags

CVSS Scores

CVSS v3.1

7.2 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Score

Score: 93.55% (Percentile: 99.82%) as of 2025-06-14

Exploit Status

Exploited in the Wild: Yes (2025-05-31 00:00:00 UTC) Source

References

https://www.randorisec.fr/fr/udp-technology-ip-camera-vulnerabilities/ https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-06-01 12:00:59 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/geutebruck_cmdinject_cve_2021_335xx.rb	2025-04-29 11:01:12 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-33544.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

May 24, 2021
CVE Published to Public

September 13, 2021
Detected by Nuclei

April 26, 2025
Detected by Metasploit

April 29, 2025
Added to KEVIntel

June 01, 2025