CVE-2020-36871

Vulnerability Description

ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.

Related Weaknesses (CWE)

References

• https://packetstorm.news/files/id/156492/
• https://www.exploit-db.com/exploits/48107
• https://www.vulncheck.com/advisories/escam-qd900-unauthenticated-config-disclosu

FAQ

What is CVE-2020-36871?

CVE-2020-36871 is a documented vulnerability. ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed confi...

How severe is CVE-2020-36871?

CVSS scoring is not yet available for CVE-2020-36871. Check NVD for updates.

Is there a patch for CVE-2020-36871?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.