CVE-2020-27558
published 2020-11-17CVE-2020-27558: Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
PriorityP337medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
1.13%
62.2th percentile
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basetech | ge-131_bt-1837836_firmware | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Kernel
wifi: prevent A-MSDU attacks in mesh networks
kernel_security·2025-06-16·CVSS 3.5
CVE-2020-24588 [LOW] wifi: prevent A-MSDU attacks in mesh networks
wifi: prevent A-MSDU attacks in mesh networks
This patch is a mitigation to prevent the A-MSDU spoofing vulnerability
for mesh networks. The initial update to the IEEE 802.11 standard, in
response to the FragAttacks, missed this case (CVE-2025-27558). It can
be considered a variant of CVE-2020-24588 but for mesh networks.
This patch tries to detect if a standard MSDU was turned into an A-MSDU
by an adversary. This is done by parsing a received A-MSDU as a standard
MSDU, calculating the length of the Mesh Control header, and seeing if
the 6 bytes after this header equal the start of an rfc1042 header. If
equal, this is a strong indication of an ongoing attack attempt.
This defense was tested with mac80211_hwsim against a mesh network that
uses an empty Mesh Address Extension field, i.e.,
GHSA
GHSA-w6hx-h678-hv82: Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream
ghsa_unreviewed·2022-05-24
CVE-2020-27558 [MEDIUM] CWE-287 GHSA-w6hx-h678-hv82: Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
No detection rules found.
No public exploits indexed.
2020-11-17
Published