VYPR
Unrated severity · NVD Advisory · Published Nov 17, 2020 · Updated Aug 4, 2024

CVE-2020-27556

Description

A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2020-27556 describes a predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 that allows unauthenticated remote attackers to connect to the device.

Vulnerability

The vulnerability resides in the BASETech GE-131 BT-1837836 IP camera running firmware version 20180921. The device ID is predictable. Because the camera is designed to allow remote access through the mobile application "V12", this enables unauthenticated attackers to discover and connect to the device. The app uses the device ID to pair with the camera, and the default password "123456" is pre-filled in the app, further reducing the security barrier [1].

Exploitation

To exploit this vulnerability, an attacker does not need any prior authentication or physical access. Because the device IDs are predictable, the attacker can simply enumerate possible IDs and attempt to connect to the camera using the default password "123456" via the mobile application or potentially other means. The camera automatically allows connections from outside the local network, as the stream is accessible remotely even when the camera is behind a firewall [1].

Impact

Successful exploitation gives an attacker unauthorized access to the camera's video stream. This leads to a breach of confidentiality, as an attacker can view live footage from the camera without the owner's knowledge or consent. No additional privileges or write access are gained, but the privacy impact is significant [1].

Mitigation

As of the reference publication (November 2020), no firmware update has been released for this device, and it appears the camera never received any updates throughout its lifetime. The vendor, BASETech, has not released a fixed version. The recommended mitigation is to disconnect the camera from any network where remote access is not strictly necessary or to replace the device with a more secure alternative [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.


References

1
