CVE-2020-27557

Vulnerability

BASETech GE-131 BT-1837836 IP camera firmware version 20180921 contains an unprotected storage of credentials vulnerability [1]. The camera stores the username and password for video streaming access in plain text within SQLite database files [1]. These files are accessible to any user with local access to the camera's file system [1].

Exploitation

An attacker must have local access to the camera — for example, via the same local network if the camera's storage is exposed over a network share, or by physically accessing the device's storage (e.g., removing an SD card if one is present, or connecting via debug interfaces) [1]. Once local access is achieved, the attacker can read the SQLite files containing the credentials directly using any SQLite viewer [1]. No authentication or user interaction beyond gaining local access is required [1].

Impact

Successful exploitation allows the attacker to retrieve the plain-text username and password used for the video streaming service [1]. With these credentials, the attacker can access the camera's live video stream, leading to unauthorized disclosure of video footage [1]. The attacker gains no further system privileges beyond the ability to view the video stream [1].

Mitigation

As of the reference publication (November 2020), no firmware update or patch has been released by BASETech for this camera, and the device appears to be end-of-life with no vendor support [1]. The only effective mitigation is to replace the camera with a device that receives security updates, or to isolate it on a separate network segment that prevents local access by untrusted users [1].