Vulnerability Description
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.
Related Weaknesses (CWE)
References
- http://request.com/
- https://www.exploit-db.com/exploits/48950
- https://www.vulncheck.com/advisories/request-serious-play-f-media-server-debug-l
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php
FAQ
What is CVE-2020-36876?
CVE-2020-36876 is a documented vulnerability. ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug ...
How severe is CVE-2020-36876?
CVSS scoring is not yet available for CVE-2020-36876. Check NVD for updates.
Is there a patch for CVE-2020-36876?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.