CVE-2020-36871

HIGH

ESCAM QD-900 WIFI HD - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36871. PoCs published by Todor Donev.

AI-analyzed exploit summary This Perl script exploits an information disclosure vulnerability in ESCAM QD-900 WIFI HD Camera by fetching a configuration backup file containing credentials. It sends a crafted HTTP request to retrieve and decompress the configuration file, then extracts usernames and passwords.

Description

ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.

Exploits (1)

exploitdb WORKING POC

by Todor Donev · perlwebappshardware

https://www.exploit-db.com/exploits/48107

View Code ZIP pw:eip

This Perl script exploits an information disclosure vulnerability in ESCAM QD-900 WIFI HD Camera by fetching a configuration backup file containing credentials. It sends a crafted HTTP request to retrieve and decompress the configuration file, then extracts usernames and passwords.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ESCAM QD-900 WIFI HD Camera

No auth needed

Prerequisites: Network access to the target camera · Camera must be exposed on the network

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources exploit

https://packetstorm.news/files/id/156492/

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/48107

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/escam-qd900-unauthenticated-config-disclosure

Scores

CVSS v4 8.7

EPSS 0.0036

EPSS Percentile 58.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

ESCAM/QD-900 WIFI HD Camera

Published Nov 26, 2025

Tracked Since Feb 18, 2026