35 matches found
EUVD-2020-20064
Malware in sbrugna...
Unspecified Vulnerability in BASETech GE-131 BT-1837836
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. The BASETech GE-131 BT-1837836 suffers from a device ID predictability vulnerability. An attacker can exploit this vulnerability to connect to the device...
BASETech GE-131 BT-1837836 Information Disclosure Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. An information disclosure vulnerability exists in the BASETech GE-131 BT-1837836. An attacker can exploit the vulnerability to remotely access the video stream via an unrecorded user...
BASETech GE-131 BT-1837836 Directory Traversal Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. A directory traversal vulnerability exists in the BASETech GE-131 BT-1837836. An attacker can exploit this vulnerability to access sensitive information...
BASETech GE-131 BT-1837836 Command Execution Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. An arbitrary system command execution vulnerability exists in the BASETech GE-131 BT-1837836. The vulnerability stems from the device using default credentials for a telnet server. A remote attacker can exploit this vulnerability to execut...
CVE-2020-27556
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...
CVE-2020-27553
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are neede...
CVE-2020-27555
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
CVE-2020-27558
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
CVE-2020-27558
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream...
CVE-2020-27556
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device...
CVE-2020-27554
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device...
CVE-2020-27553
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are neede...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
CVE-2020-27555
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
CVE-2020-27554
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device...
Path traversal
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are neede...
Default credentials
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user...
Design/Logic Flaw
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream...