In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option βDocumentRoot /etcβ. This allows an attacker with network access to the web-server to download any files from the β/etcβ folder without authentication. No path traversal sequences are needed ...
7.5CVSS
7.4AI Score
0.004EPSS
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.
7.5CVSS
7.3AI Score
0.004EPSS
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.
9.8CVSS
9.8AI Score
0.019EPSS
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.
5.3CVSS
5.4AI Score
0.004EPSS
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.
5.5CVSS
5.7AI Score
0.0004EPSS
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
6.5CVSS
6.5AI Score
0.004EPSS