CVE-2020-37157 HIGH

CVE-2020-37157: DBPower C300 HD Camera - Remote Configuration Disclosure

Vendor Dbpower
Product DBPower C300 HD Camera
Weakness CWE-306 · Missing auth
Published February 6, 2026
Last update February 17, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

Key dates

02Disclosure timeline

February 6, 2026 CVE published
February 17, 2026 Record updated