Vulnerability Description
ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network.
Related Weaknesses (CWE)
References
- https://acesecurity.jp/support/top/wip_series/wip-90113
- https://cxsecurity.com/issue/WLB-2020020137
- https://packetstorm.news/files/id/156497/
- https://www.vulncheck.com/advisories/ace-security-wip90113-unauthenticated-confi
FAQ
What is CVE-2020-36874?
CVE-2020-36874 is a documented vulnerability. ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed...
How severe is CVE-2020-36874?
CVSS scoring is not yet available for CVE-2020-36874. Check NVD for updates.
Is there a patch for CVE-2020-36874?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.