CVE-2020-37157

DBPower C300 HD Camera - Remote Configuration Disclosure

CVSS 8.7 HIGHEPSS 0.4%CWE-306

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

DBPower · DBPower C300 HD Camera

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities https://www.exploit-db.com/exploits/48095 https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure