CVE-2020-37157

HIGH

DBPower C300 HD Camera - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37157. PoCs published by Todor Donev.

AI-analyzed exploit summary This Perl script exploits an information disclosure vulnerability in the DBPower C300 HD Camera by fetching a configuration backup file containing credentials. It sends a crafted HTTP request to retrieve a gzipped configuration file, then extracts and displays the username and password.

Description

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

Exploits (1)

exploitdb WORKING POC
by Todor Donev · perlwebappshardware
https://www.exploit-db.com/exploits/48095

This Perl script exploits an information disclosure vulnerability in the DBPower C300 HD Camera by fetching a configuration backup file containing credentials. It sends a crafted HTTP request to retrieve a gzipped configuration file, then extracts and displays the username and password.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: DBPower C300 HD Camera
No auth needed
Prerequisites: Network access to the target camera · Camera must be exposed on the network
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0003
EPSS Percentile 10.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-306
Status published
Products (1)
DBPower/DBPower C300 HD Camera -
Published Feb 07, 2026
Tracked Since Feb 18, 2026