CVE-2020-37157

DBPower C300 HD Camera - Remote Configuration Disclosure

Description

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

INFO

Published Date :

2026-02-06T23:14:09.598Z

Last Modified :

2026-02-06T23:14:09.598Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2020-37157 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2020-37157.

URL	Resource
https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities
https://www.exploit-db.com/exploits/48095
https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact