← volver
CVE-2020-37157

DBPower C300 HD Camera - Remote Configuration Disclosure

CVSS 8.7 HIGHEPSS 0.4%CWE-306
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
DBPower · DBPower C300 HD Camera

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/48095https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure