CVE-2020-37146
Unknown Unknown - Not Provided
Configuration Disclosure in ACE Security WiP-90113 HD Camera

Publication date: 2026-02-07

Last updated on: 2026-02-07

Assigner: VulnCheck

Description
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-07
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37146
EUVD
EUVD-2020-31107
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ace_security wip-90113_hd_camera *
aptina ar0130_960p_1.3mp_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'The ACE Security WiP-90113 HD Camera has a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files.'}, {'type': 'paragraph', 'content': "Attackers can access the camera's configuration backup by sending a GET request to a specific endpoint, exposing credentials and system settings."}, {'type': 'paragraph', 'content': 'Specifically, the vulnerability allows remote retrieval of a gzipped configuration backup file containing sensitive information such as usernames and passwords in plaintext.'}, {'type': 'paragraph', 'content': 'This can be done without any authentication by accessing a particular URL path on the device.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can lead to unauthorized disclosure of sensitive configuration data, including administrative credentials.'}, {'type': 'paragraph', 'content': "An attacker who exploits this vulnerability can gain access to the camera's system settings and credentials, potentially leading to full compromise of the device."}, {'type': 'paragraph', 'content': 'Such access could allow attackers to manipulate the camera, intercept video feeds, or use the device as a foothold for further attacks within a network.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by sending an unauthenticated HTTP GET request to the camera's configuration backup endpoint and checking the response."}, {'type': 'paragraph', 'content': 'Specifically, you can send a GET request to the path `/web/cgi-bin/hi3510/backup.cgi` on the target device.'}, {'type': 'paragraph', 'content': 'If the response status code is 200 and returns a gzipped configuration file, the device is vulnerable.'}, {'type': 'paragraph', 'content': 'A practical command using curl to test this would be:'}, {'type': 'list_item', 'content': 'curl -k -v https://<target-ip-or-hostname>/web/cgi-bin/hi3510/backup.cgi -o config_backup.bin'}, {'type': 'paragraph', 'content': 'If the file is downloaded successfully and contains sensitive configuration data, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'Alternatively, an existing Perl exploit script can be used to automate detection and extraction of credentials.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37146. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart