CVE-2020-36878 HIGH

CVE-2020-36878: ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure

Vendor Request Serious Play Llc
Product ReQuest Serious Play Media Player
Weakness CWE-73
Published December 5, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.

Key dates

02Disclosure timeline

December 5, 2025 CVE published
April 7, 2026 Record updated