CVE-2020-36871
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-11-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| escam | qd-900 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ESCAM QD-900 WIFI HD cameras where the /web/cgi-bin/hi3510/backup.cgi endpoint allows anyone to remotely download a compressed configuration backup without needing to authenticate. This backup can contain administrative credentials and sensitive device settings, enabling an unauthenticated attacker to gain information that could lead to further compromise of the camera or the connected network.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to obtain administrative credentials and sensitive configuration data from the camera without any authentication. This can lead to unauthorized access, control over the camera, and potentially further compromise of the connected network, risking privacy and security.