24 matches found
EUVD-2020-20064
Malware in sbrugna...
BASETech GE-131 BT-1837836 Directory Traversal Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. A directory traversal vulnerability exists in the BASETech GE-131 BT-1837836. An attacker can exploit this vulnerability to access sensitive information...
BASETech GE-131 BT-1837836 Command Execution Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. An arbitrary system command execution vulnerability exists in the BASETech GE-131 BT-1837836. The vulnerability stems from the device using default credentials for a telnet server. A remote attacker can exploit this vulnerability to execut...
Unspecified Vulnerability in BASETech GE-131 BT-1837836
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. The BASETech GE-131 BT-1837836 suffers from a device ID predictability vulnerability. An attacker can exploit this vulnerability to connect to the device...
BASETech GE-131 BT-1837836 Information Disclosure Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. An information disclosure vulnerability exists in the BASETech GE-131 BT-1837836. An attacker can exploit the vulnerability to remotely access the video stream via an unrecorded user...
CVE-2020-27558
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream...
CVE-2020-27554
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device...
CVE-2020-27554
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device...
CVE-2020-27556
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...
CVE-2020-27553
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are neede...
CVE-2020-27555
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
CVE-2020-27556
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...
CVE-2020-27555
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
Design/Logic Flaw
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
Default credentials
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
Path traversal
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are neede...
CVE-2020-27553
The CVE-2020-27553 entry concerns BASETech GE-131 BT-1837836 firmware where the web server is configured with DocumentRoot set to /etc, enabling an attacker with network access to download files from /etc without authentication. This is a configuration flaw rather than a code-level bug, leading t...
CVE-2020-27554
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device...
CVE-2020-27556
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...