Basetech Ge-131 Bt-1837836 Firmware vulnerabilities
6 known vulnerabilities affecting basetech/ge-131_bt-1837836_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-27555P2CRITICALCVSS 9.8v201809212020-11-17
CVE-2020-27555 [CRITICAL] CWE-1188 CVE-2020-27555: Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 all
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.
nvd
CVE-2020-27553P3HIGHCVSS 7.5v201809212020-11-17
CVE-2020-27553 [HIGH] CWE-22 CVE-2020-27553: In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are needed to exploit this vulnerability.
nvd
CVE-2020-27558P3MEDIUMCVSS 6.5v201809212020-11-17
CVE-2020-27558 [MEDIUM] CWE-287 CVE-2020-27558: Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
nvd
CVE-2020-27554P3HIGHCVSS 7.5v201809212020-11-17
CVE-2020-27554 [HIGH] CWE-319 CVE-2020-27554: Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.
nvd
CVE-2020-27556P4MEDIUMCVSS 5.3v201809212020-11-17
CVE-2020-27556 [MEDIUM] CWE-330 CVE-2020-27556: A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remot
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.
nvd
CVE-2020-27557P4MEDIUMCVSS 5.5v201809212020-11-17
CVE-2020-27557 [MEDIUM] CWE-522 CVE-2020-27557: Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 all
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.
nvd