22 matches found
BASETech GE-131 BT-1837836 Directory Traversal Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. A directory traversal vulnerability exists in the BASETech GE-131 BT-1837836. An attacker can exploit this vulnerability to access sensitive information...
CVE-2020-27553
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are neede...
CVE-2020-27556
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...
CVE-2020-27558
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream...
CVE-2020-27554
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
CVE-2020-27555
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
Design/Logic Flaw
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
Design/Logic Flaw
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream...
Path traversal
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are neede...
Default credentials
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
CVE-2020-27553
The CVE-2020-27553 entry concerns BASETech GE-131 BT-1837836 firmware where the web server is configured with DocumentRoot set to /etc, enabling an attacker with network access to download files from /etc without authentication. This is a configuration flaw rather than a code-level bug, leading t...
CVE-2020-27554
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device...
CVE-2020-27554
CVE-2020-27554 affects BASETech GE-131 BT-1837836 firmware 20180921. The issue is cleartext transmission of sensitive information between the mobile app and the camera, exposing confidentiality. CVSS details in the connected NVD entry indicate network access with low attack complexity and no auth...
CVE-2020-27555
BASETech GE-131 BT-1837836 firmware 20180921 is affected by CVE-2020-27555 due to use of default credentials for the telnet server. The vulnerability allows remote attackers to execute arbitrary system commands as root. Public references in NVD assign a critical/high impact (C/H/A) with network a...
CVE-2020-27556
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...
CVE-2020-27556
The CVE-2020-27556 entry concerns BASETech GE-131 BT-1837836 Wi‑Fi IP CCTV camera firmware 20180921, where a predictable device ID enables unauthenticated remote connection to the device. This is corroborated by NVD, RH, CNVD-style entries in the connected documents. No specific exploit details o...
CVE-2020-27557
CVE-2020-27557 describes an Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921. The issue allows local users to access the video streaming username and password via SQLite files containing plain text credentials. Affected software/hardware: BASETech G...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
CVE-2020-27558
CVE-2020-27558 concerns BASETech GE-131 BT-1837836 firmware 20180921. Multiple sources (NVD, CNVD, Red Hat, CVE listing) describe an information disclosure vulnerability where an undocumented user allows remote access to the video stream. The issue is a network-accessible flaw in the device’s aut...