CVE-2020-36871 - Vulnerability Details

- ESCAM QD-900 Unauthenticated Configuration Disclosure

Description

ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.

Published: 2025-11-26

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ESCAM

QD-900 WIFI HD Camera

unknown

Version	Status	Constraints
`0`	affected	—

No data.

Vendor	Product	Confidence	Versions
Escam	Qd-900 Wifi Hd Camera	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00322.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://packetstorm.news/files/id/156492/
https://www.exploit-db.com/exploits/48107
https://www.vulncheck.com/advisories/escam-qd900-unauthenticated-config-disclosure

History

Fri, 28 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 27 Nov 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Escam Escam qd-900 Wifi Hd Camera
Vendors & Products		Escam Escam qd-900 Wifi Hd Camera

Wed, 26 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
Description		ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.
Title		ESCAM QD-900 Unauthenticated Configuration Disclosure
Weaknesses		CWE-306
References		https://packetstorm.news/files/id/156492/ https://www.exploit-db.com/exploits/48107 https://www.vulncheck.com/advisories/escam-qd900-unauthenticated-config-disclosure
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Escam Qd-900 Wifi Hd Camera

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-11-26T22:15:07.782Z

Updated: 2026-04-07T14:04:54.941Z

Reserved: 2025-10-30T15:45:57.763Z

Link: CVE-2020-36871

Vulnrichment

Updated: 2025-11-28T19:02:30.325Z

NVD

Status : Deferred

Published: 2025-11-26T23:15:47.060

Modified: 2026-04-15T00:35:42.020

Link: CVE-2020-36871

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-11-27T16:26:38Z

Weaknesses

CWE-306

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object