CVE-2020-36871
HIGHESCAM QD-900 WIFI HD - Info Disclosure
Title source: llmDescription
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.
Exploits (1)
exploitdb
WORKING POC
by Todor Donev · perlwebappshardware
https://www.exploit-db.com/exploits/48107
Scores
CVSS v4
8.7
EPSS
0.0034
EPSS Percentile
56.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Details
CWE
CWE-306
Status
published
Products (1)
ESCAM/QD-900 WIFI HD Camera
Published
Nov 26, 2025
Tracked Since
Feb 18, 2026