Unauthenticated SQL Injection in Geutebruck G-Cam E-Series Cameras

CVE-2025-12463

What is CVE-2025-12463?

CVE-2025-12463 is a security vulnerability affecting the Geutebruck G-Cam E-Series Cameras, specifically identified within the system due to an unauthenticated SQL injection flaw. This vulnerability exists in the handling of the Group parameter utilized in the /uapi-cgi/viewer/Param.cgi script. The issue was notably confirmed on the EFD-2130 model running firmware version 1.12.0.19. The implications of this vulnerability are concerning for organizations that rely on these cameras for surveillance and security, as it could allow malicious actors to interact with the database without proper authentication. Such access might enable an attacker to manipulate, extract, or corrupt sensitive data stored within the camera's database, putting the integrity and confidentiality of security-related information at risk.

Potential impact of CVE-2025-12463

1. Data Breaches: The SQL injection vulnerability allows unauthorized users to gain access to the camera's database, potentially leading to the exposure of sensitive video footage, configurations, and user credentials stored in the system.

2. System Manipulation: Attackers can exploit this vulnerability to execute arbitrary SQL commands, which may allow them to alter camera settings, disable functionality, or even gain control over the camera systems, effectively disrupting surveillance operations.

3. Reputation Damage: Organizations affected by successful exploitation of this vulnerability may suffer from significant reputational harm, particularly if sensitive information is compromised or the security integrity of their surveillance systems is called into question.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References