CVE-2020-36876 HIGH

CVE-2020-36876: ReQuest Serious Play F3 Media Server <= 7.0.3 Debug Log Disclosure2020

Vendor Request Serious Play Llc
Product ReQuest Serious Play Pro
Weakness CWE-532 · Sensitive info in logs
Published December 5, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

Key dates

02Disclosure timeline

December 5, 2025 CVE published
April 7, 2026 Record updated