{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2020-37157", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-03T16:27:45.310Z", "datePublished": "2026-02-06T23:14:09.598Z", "dateUpdated": "2026-02-17T16:57:33.305Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-02-06T23:14:09.598Z" }, "datePublic": "2020-02-19T00:00:00.000Z", "title": "DBPower C300 HD Camera - Remote Configuration Disclosure", "descriptions": [ { "lang": "en", "value": "DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Missing Authentication for Critical Function", "cweId": "CWE-306", "type": "CWE" } ] } ], "affected": [ { "vendor": "DBPower", "product": "DBPower C300 HD Camera", "versions": [ { "version": "-", "status": "affected" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.exploit-db.com/exploits/48095", "name": "ExploitDB-48095", "tags": [ "exploit" ] }, { "url": "https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities", "name": "Archived Researcher Blog", "tags": [ "technical-description", "exploit" ] }, { "name": "VulnCheck Advisory: DBPower C300 HD Camera - Remote Configuration Disclosure", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure" } ], "credits": [ { "lang": "en", "value": "Todor Donev", "type": "finder" } ], "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-02-17T16:57:23.915426Z", "id": "CVE-2020-37157", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T16:57:33.305Z" } } ] } }