CVE-2020-37157
HIGHDBPower C300 HD Camera - Info Disclosure
Title source: llmDescription
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
Exploits (1)
exploitdb
WORKING POC
by Todor Donev · perlwebappshardware
https://www.exploit-db.com/exploits/48095
References (3)
Scores
CVSS v3
7.5
EPSS
0.0003
EPSS Percentile
6.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-306
Status
draft
Timeline
Published
Feb 07, 2026
Tracked Since
Feb 18, 2026