CVE-2020-37157

DBPower C300 HD Camera - Remote Configuration Disclosure

CVSS 8.7 HIGHEPSS 0.4%CWE-306

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

06 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

DBPower · DBPower C300 HD Camera

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities https://www.exploit-db.com/exploits/48095 https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure