CVE-2020-37146
Unknown Unknown - Not Provided

Configuration Disclosure in ACE Security WiP-90113 HD Camera

Vulnerability report for CVE-2020-37146, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-07

Last updated on: 2026-02-07

Assigner: VulnCheck

Description

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-07
Last Modified
2026-02-07
Generated
2026-07-06
AI Q&A
2026-02-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ace_security wip-90113_hd_camera *
aptina ar0130_960p_1.3mp_camera *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'The ACE Security WiP-90113 HD Camera has a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files.'}, {'type': 'paragraph', 'content': "Attackers can access the camera's configuration backup by sending a GET request to a specific endpoint, exposing credentials and system settings."}, {'type': 'paragraph', 'content': 'Specifically, the vulnerability allows remote retrieval of a gzipped configuration backup file containing sensitive information such as usernames and passwords in plaintext.'}, {'type': 'paragraph', 'content': 'This can be done without any authentication by accessing a particular URL path on the device.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can lead to unauthorized disclosure of sensitive configuration data, including administrative credentials.'}, {'type': 'paragraph', 'content': "An attacker who exploits this vulnerability can gain access to the camera's system settings and credentials, potentially leading to full compromise of the device."}, {'type': 'paragraph', 'content': 'Such access could allow attackers to manipulate the camera, intercept video feeds, or use the device as a foothold for further attacks within a network.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending an unauthenticated HTTP GET request to the camera's configuration backup endpoint and checking the response."}, {'type': 'paragraph', 'content': 'Specifically, you can send a GET request to the path `/web/cgi-bin/hi3510/backup.cgi` on the target device.'}, {'type': 'paragraph', 'content': 'If the response status code is 200 and returns a gzipped configuration file, the device is vulnerable.'}, {'type': 'paragraph', 'content': 'A practical command using curl to test this would be:'}, {'type': 'list_item', 'content': 'curl -k -v https://<target-ip-or-hostname>/web/cgi-bin/hi3510/backup.cgi -o config_backup.bin'}, {'type': 'paragraph', 'content': 'If the file is downloaded successfully and contains sensitive configuration data, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'Alternatively, an existing Perl exploit script can be used to automate detection and extraction of credentials.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37146. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart