Search
Find a vulnerability
Search criteria
2 vulnerabilities found for DBPower C300 HD Camera by DBPower
CVE-2020-37157 (GCVE-0-2020-37157)
Vulnerability from nvd – Published: 2026-02-06 23:14 – Updated: 2026-02-17 16:57
VLAI
EPSS
VEX
Title
DBPower C300 HD Camera - Remote Configuration Disclosure
Summary
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48095 | exploit |
| https://web.archive.org/web/20200620110617/https:… | technical-descriptionexploit |
| https://www.vulncheck.com/advisories/dbpower-c-hd… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DBPower | DBPower C300 HD Camera |
Affected:
-
|
Date Public
2020-02-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37157",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T16:57:23.915426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T16:57:33.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DBPower C300 HD Camera",
"vendor": "DBPower",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Todor Donev"
}
],
"datePublic": "2020-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T23:14:09.598Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48095",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48095"
},
{
"name": "Archived Researcher Blog",
"tags": [
"technical-description",
"exploit"
],
"url": "https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities"
},
{
"name": "VulnCheck Advisory: DBPower C300 HD Camera - Remote Configuration Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure"
}
],
"title": "DBPower C300 HD Camera - Remote Configuration Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37157",
"datePublished": "2026-02-06T23:14:09.598Z",
"dateReserved": "2026-02-03T16:27:45.310Z",
"dateUpdated": "2026-02-17T16:57:33.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37157 (GCVE-0-2020-37157)
Vulnerability from cvelistv5 – Published: 2026-02-06 23:14 – Updated: 2026-02-17 16:57
VLAI
EPSS
VEX
Title
DBPower C300 HD Camera - Remote Configuration Disclosure
Summary
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48095 | exploit |
| https://web.archive.org/web/20200620110617/https:… | technical-descriptionexploit |
| https://www.vulncheck.com/advisories/dbpower-c-hd… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DBPower | DBPower C300 HD Camera |
Affected:
-
|
Date Public
2020-02-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37157",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T16:57:23.915426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T16:57:33.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DBPower C300 HD Camera",
"vendor": "DBPower",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Todor Donev"
}
],
"datePublic": "2020-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T23:14:09.598Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48095",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48095"
},
{
"name": "Archived Researcher Blog",
"tags": [
"technical-description",
"exploit"
],
"url": "https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities"
},
{
"name": "VulnCheck Advisory: DBPower C300 HD Camera - Remote Configuration Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure"
}
],
"title": "DBPower C300 HD Camera - Remote Configuration Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37157",
"datePublished": "2026-02-06T23:14:09.598Z",
"dateReserved": "2026-02-03T16:27:45.310Z",
"dateUpdated": "2026-02-17T16:57:33.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}