CVE-2020-36873
HIGHAstak CM-818T3 2.4GHz Wireless Camera - Unauthenticated Config Disclosure via Backup
Title source: llmDescription
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network.
References (2)
Core 2
Core References
Various Sources exploit
https://packetstorm.news/files/id/156532/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/astak-cm818t3-unauthenticated-config-disclosure
Scores
CVSS v4
8.7
EPSS
0.0054
EPSS Percentile
41.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
Astak/CM-818T3 2.4GHz Wireless Security Surveillance Camera
Published
Nov 26, 2025
Tracked Since
Feb 18, 2026