PT-2020-16705 · Basetech · Basetech Ge-131

Published

2020-11-17

Updated

2021-07-21

CVE-2020-27557

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BASETech GE-131 BT-1837836 firmware version 20180921

Description The issue allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. This is due to an Unprotected Storage of Credentials vulnerability.

Recommendations For BASETech GE-131 BT-1837836 firmware version 20180921, consider restricting access to the SQLite files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2020-27557

Affected Products

Basetech Ge-131

PT-2020-16705 · Basetech · Basetech Ge-131

CVE-2020-27557

Weakness Enumeration

Related Identifiers

Affected Products

References · 9