CVE-2020-36873

Vulnerability Description

Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network.

Related Weaknesses (CWE)

References

• https://packetstorm.news/files/id/156532/
• https://www.vulncheck.com/advisories/astak-cm818t3-unauthenticated-config-disclo

FAQ

What is CVE-2020-36873?

CVE-2020-36873 is a documented vulnerability. Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remo...

How severe is CVE-2020-36873?

CVSS scoring is not yet available for CVE-2020-36873. Check NVD for updates.

Is there a patch for CVE-2020-36873?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.