CVE-2020-36876

ReQuest Serious Play F3 Media Server <= 7.0.3 Debug Log Disclosure2020

CVSS 8.7 HIGHEPSS 0.3%CWE-532

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

05 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

ReQuest Serious Play LLC · ReQuest Serious Play ReQuest Serious Play LLC · ReQuest Serious Play Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://request.com/https://www.exploit-db.com/exploits/48950 https://www.vulncheck.com/advisories/request-serious-play-f-media-server-debug-log-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php