CVE-2020-27553

Vulnerability

The BASETech GE-131 BT-1837836 IP camera running firmware version 20180921 has its web server configured with DocumentRoot set to /etc. This misconfiguration allows any file within the /etc directory to be served directly via HTTP without requiring authentication. No path traversal sequences are needed; simply requesting a file path under /etc (e.g., /etc/passwd) returns its contents [1].

Exploitation

An attacker with network access to the camera's web server (typically on port 80) can exploit this vulnerability by sending HTTP GET requests for files located in /etc. No authentication, user interaction, or special privileges are required. The attacker can enumerate and download any file from the /etc directory, including system configuration files, password hashes, and other sensitive data [1].

Impact

Successful exploitation results in unauthorized disclosure of sensitive system files. The attacker can obtain password hashes (e.g., from /etc/shadow), network configuration, and other secrets stored in /etc. This information disclosure can lead to further compromise, such as privilege escalation or lateral movement within the network [1].

Mitigation

As of the publication date (2020-11-17), no firmware update has been released to address this vulnerability; the camera appears to have reached end-of-life without receiving any patches [1]. Mitigation relies on network-level controls: restrict access to the camera's web server to trusted hosts only, or isolate the camera on a separate VLAN. If possible, disable the web server entirely. This CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.