CVE-2020-27553

Published: Nov 17, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are needed to exploit this vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://infosec.rm-it.de/2020/11/04/basetech-ip-camera-analysis/#vulns

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-27553

Description

Affected Products

References