CVE-2020-36876

HIGH

ReQuest Serious Play F3 Media Server <7.0.3.4968 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36876. PoCs published by LiquidWorm.

AI-analyzed exploit summary This is a writeup detailing an information disclosure vulnerability in ReQuest Serious Play F3 Media Server. The vulnerability allows unauthenticated access to debug logs containing sensitive system information, credentials, and paths via an unprotected web management server endpoint.

Description

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/48950

View Code ZIP pw:eip

This is a writeup detailing an information disclosure vulnerability in ReQuest Serious Play F3 Media Server. The vulnerability allows unauthenticated access to debug logs containing sensitive system information, credentials, and paths via an unprotected web management server endpoint.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ReQuest Serious Play F3 Media Server 7.0.3 and earlier versions

No auth needed

Prerequisites: network access to the target server

MITRE ATT&CK

T1592 - Gather Victim Host Information T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/48950

Various Sources product

http://request.com/

Third Party Advisory vendor-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/request-serious-play-f-media-server-debug-log-disclosure

Scores

CVSS v4 8.7

EPSS 0.0034

EPSS Percentile 26.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (6)

ReQuest Serious Play LLC/ReQuest Serious Play 2.0.1.823

ReQuest Serious Play LLC/ReQuest Serious Play 6.3.2.4203

ReQuest Serious Play LLC/ReQuest Serious Play 6.4.2.4681

ReQuest Serious Play LLC/ReQuest Serious Play 6.5.2.4954

ReQuest Serious Play LLC/ReQuest Serious Play 7.0.2.4954

ReQuest Serious Play LLC/ReQuest Serious Play Pro 7.0.3.4968

Published Dec 05, 2025

Tracked Since Feb 18, 2026