PT-2020-16701 · Basetech · Basetech Ge-131

Roman · Published 2020-11-17 · Updated 2020-12-01 · CVE-2020-27553

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BASETech GE-131 BT-1837836 firmware version 20180921

Description: The web-server in the system is configured with the option "DocumentRoot /etc", allowing an attacker with network access to download any files from the "/etc" folder without authentication. This issue can be exploited without the need for path traversal sequences, enabling unauthenticated remote attackers to gain access to sensitive information.

Recommendations: For BASETech GE-131 BT-1837836 firmware version 20180921, consider reconfiguring the web-server to restrict access to sensitive files in the "/etc" folder, or apply alternative security measures to prevent unauthorized file downloads until a patch is available.
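
A configuration check for the misconfiguration described above, as an added example that is not part of the advisory or the vendor's firmware: it flags any `DocumentRoot` that points at, inside, or above a sensitive system directory. It assumes the `DocumentRoot <path>` directive syntax quoted in the description; the sensitive-directory list, the sample configs, the `Port` line and `/var/www` are constructed for illustration.

```python
import posixpath
import re

# Assumed list of directories that must never be web content; adjust per device.
SENSITIVE_DIRS = ("/etc", "/root", "/proc", "/sys", "/dev", "/var/log")

# Matches: DocumentRoot /path   or   DocumentRoot "/path with spaces"
DIRECTIVE = re.compile(r'^\s*DocumentRoot\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed samples: the weak setting from the advisory, an obfuscated
# variant of it, and a corrected setting.
WEAK_CONFIG = """\
# constructed sample config
Port 80
DocumentRoot /etc
"""
TRICKY_CONFIG = 'DocumentRoot "/var/www/../../etc/"\n'
FIXED_CONFIG = "Port 80\n# DocumentRoot /etc\nDocumentRoot /var/www\n"


def _inside(child, parent):
    """True if child is parent itself or a path below it."""
    return parent == "/" or child == parent or child.startswith(parent + "/")


def find_risky_docroots(config_text):
    """Return (line_no, normalised_path, reason) for each unsafe DocumentRoot."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out directives do not match
        if not match:
            continue
        raw = match.group(1) or match.group(2)
        if not raw.startswith("/"):
            continue  # relative roots cannot be resolved without the server root
        # Collapse "..", "." and repeated slashes so /var/www/../../etc becomes /etc.
        path = "/" + posixpath.normpath(raw).lstrip("/")
        for sensitive in SENSITIVE_DIRS:
            if _inside(path, sensitive):
                findings.append((line_no, path, "within " + sensitive))
                break
            if _inside(sensitive, path):
                findings.append((line_no, path, "exposes " + sensitive))
                break
    return findings
```
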

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2020-27553

Affected Products

Basetech Ge-131