Home

Description

ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.

PUBLISHED Reserved 2025-10-30 | Published 2025-11-26 | Updated 2025-11-28 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

Any version
affected

Timeline

2020-02-21:Exploit is publicly disclosed

Credits

Todor Donev finder

References

packetstorm.news/files/id/156492/ exploit

www.exploit-db.com/exploits/48107 exploit

www.vulncheck.com/...qd900-unauthenticated-config-disclosure third-party-advisory

cve.org (CVE-2020-36871)

nvd.nist.gov (CVE-2020-36871)

Download JSON