Cyber Resilience

CVE-2020-37146

Severity: High · Public PoC

Published: 07 February 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: not recorded
CVSS v4.0 Score: 8.7 · Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0041 (33.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-37146 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in the ACE Security WiP-90113 HD Camera (vendor inferred from the references; NVD has not filed a CPE for this CVE). Its CVSS v4.0 base score is 8.7 (High); under CVSS v3.1 it scores 7.5.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 33.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced on Exploit-DB.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2020-37146 is a configuration disclosure vulnerability affecting the ACE Security WiP-90113 HD Camera. An unauthenticated attacker can retrieve the device's configuration backup, which contains credentials and system settings, with a single GET request to the /config_backup.bin endpoint. Under CVSS v3.1 it scores 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and it is classified as CWE-306: Missing Authentication for Critical Function.

Any attacker with network access to the camera's web interface can exploit this with low complexity and no privileges or user interaction. The impact is to confidentiality: the full configuration backup, credentials included, is disclosed, which can enable takeover of the camera and further compromise of networks it can reach.
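A minimal authorized-testing check for the exposure described above, written for this page as an added example (it is neither the vendor's code nor the Exploit-DB proof of concept). It issues one unauthenticated GET to the endpoint named in the advisory and classifies the answer; the target address, port and timeout are operator-supplied assumptions, and it reads only the first few kilobytes so the credential-bearing file is not pulled or stored in full.

```python
"""Unauthenticated probe for the /config_backup.bin disclosure (CVE-2020-37146).

Added example, not the vendor's code and not the Exploit-DB proof of concept.
It sends one unauthenticated GET to the endpoint named in the advisory and
classifies the result so the verdict does not depend on eyeballing a blob.
Target host, port and timeout are operator-supplied assumptions.
"""
import sys
import urllib.error
import urllib.request

CONFIG_PATH = "/config_backup.bin"  # endpoint named in the advisory
MAX_READ = 4096  # enough to classify; do not pull or store the whole credential-bearing file


def classify_response(status: int, body: bytes) -> str:
    """Map an HTTP status and (partial) body to an exposure verdict.

    A 2xx with a non-empty, non-HTML body is the disclosure. Devices often
    answer unauthenticated requests with a 200 login page, so HTML is treated
    as "not exposed" rather than as a hit. 401/403 mean authentication was
    demanded; 404 means the endpoint is absent on this firmware.
    """
    if 200 <= status < 300:
        if not body:
            return "inconclusive: empty body"
        head = body[:256].lstrip().lower()
        if head.startswith((b"<!doctype html", b"<html")):
            return "not exposed: HTML page returned (likely a login form)"
        return "exposed: configuration backup served without authentication"
    if status in (401, 403):
        return "not exposed: authentication required"
    if status == 404:
        return "not exposed: endpoint not present"
    return f"inconclusive: HTTP {status}"


def probe(host: str, port: int = 80, timeout: float = 5.0) -> tuple[int, bytes]:
    """Fetch CONFIG_PATH with no credentials; return (status, first MAX_READ bytes)."""
    url = f"http://{host}:{port}{CONFIG_PATH}"
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2020-37146-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(MAX_READ)
    except urllib.error.HTTPError as exc:
        # Non-2xx answers arrive as exceptions; keep the status and body for classification.
        return exc.code, exc.read(MAX_READ)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # assumed, documentation range
    status, body = probe(target)
    print(f"{target}: HTTP {status} -> {classify_response(status, body)}")
```

Run it only against devices you are authorized to test. Connection failures (urllib.error.URLError) deliberately propagate rather than being folded into a verdict, since an unreachable host says nothing about the vulnerability.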

Advisories and related resources include vendor pages from ACE Security at https://acesecurity.jp and https://acesecurity.jp/support/top/wip_series/wip-90113, a VulnCheck advisory at https://www.vulncheck.com/advisories/aptina-ar-p-mp-camera-remote-configuration-disclosure, and a proof-of-concept exploit published on Exploit-DB at https://www.exploit-db.com/exploits/48127. Check these references for any vendor mitigation or patch details.

Vulnerability details

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.

CWE(s)

CWE-306: Missing Authentication for Critical Function

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Unauthenticated retrieval of the configuration file over a public endpoint is exploitation of the exposed service itself (T1190), and the retrieved file holds stored credentials, so the same request also yields T1552.001.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
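The technique mapping above suggests the obvious detection: requests for the endpoint in the camera's web-server access log, graded by whether the backup was actually served. The following log sweep is an added example written for this page, not a detection shipped by the vendor or by any product; the log lines are constructed in combined log format and the addresses come from documentation ranges.

```python
"""Access-log sweep for requests to the /config_backup.bin endpoint.

Added example, not from the page or the vendor. It scans web-server access
logs in combined log format for the endpoint named in the advisory and grades
each request. The log lines below are constructed for the example, not real
device logs; the IPs are from documentation ranges.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:14:02:11 +0000] "GET /config_backup.bin HTTP/1.1" 200 4812 "-" "python-requests/2.31"
198.51.100.3 - - [10/Mar/2026:14:03:40 +0000] "GET /index.html HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:14:05:02 +0000] "GET /CONFIG_BACKUP.BIN?x=1 HTTP/1.1" 200 4812 "-" "curl/8.5.0"
10.0.0.5 - admin [10/Mar/2026:14:06:15 +0000] "GET /config_backup.bin HTTP/1.1" 401 - "-" "Mozilla/5.0"
"""

# Combined log format: src ident user [ts] "method target proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TARGET_PATH = "/config_backup.bin"


@dataclass
class Hit:
    src: str
    ts: str
    user: str
    status: int
    size: int
    severity: str


def grade(status: int, size: int, user: str) -> str:
    """Grade one request to the endpoint.

    high:   2xx with a body to a request with no authenticated user; this is
            the disclosure itself (T1190 succeeded, credentials left the box).
    medium: 2xx to an authenticated user; legitimate admin use, but review it.
    low:    blocked or failed attempt; still a reconnaissance indicator.
    """
    served = 200 <= status < 300 and size > 0
    if served and user == "-":
        return "high"
    if served:
        return "medium"
    return "low"


def detect(log_text: str) -> list[Hit]:
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Compare case-insensitively and drop the query string so trivial
        # variations (upper case, ?x=1) do not slip past the check.
        path = m["target"].split("?", 1)[0].lower()
        if path != TARGET_PATH:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])  # "-" means zero bytes
        hits.append(Hit(m["src"], m["ts"], m["user"], status, size,
                        grade(status, size, m["user"])))
    return hits


def sources_by_severity(hits: list[Hit], severity: str = "high") -> Counter:
    """Count source addresses that reached the given severity, for blocking or triage."""
    return Counter(h.src for h in hits if h.severity == severity)


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for h in found:
        print(f"{h.severity:6} {h.src:15} {h.status} {h.ts}")
    print(sources_by_severity(found))
```

A "high" hit means the credentials in the backup should be treated as compromised: rotate them and review what else those credentials unlock before worrying about the scanner's address.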

CVEs Like This One

CVE-2020-37157 (shared CWE-306)
CVE-2020-36963 (shared CWE-306)
CVE-2025-61956 (shared CWE-306)
CVE-2021-47802 (shared CWE-306)
CVE-2026-41930 (shared CWE-306)
CVE-2026-4810 (shared CWE-306)
CVE-2025-53847 (shared CWE-306)
CVE-2025-61757 (shared CWE-306)
CVE-2025-68715 (shared CWE-306)
CVE-2026-21992 (shared CWE-306)

Affected Assets

Acesecurity
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5) (AI)

AC-14 Permitted Actions Without Identification or Authentication · prevent

Directly prohibits unauthenticated access to critical functions by limiting the actions permitted without identification or authentication, such as serving the /config_backup.bin endpoint.

AC-3 Access Enforcement · prevent

Enforces approved authorizations to logically prevent unauthorized access to the sensitive configuration files exposed by the camera.

prevent

Mandates access controls and security measures for publicly accessible system interfaces, mitigating unauthenticated retrieval of configuration backups over the network.
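What AC-14 and AC-3 look like at the code level for this route, as an added example written for this page: a handler modelling the flawed behaviour (any GET returns the backup) beside one that treats the backup as a critical function gated by authentication. This is not the camera's firmware or any vendor code; the configuration blob, administrator credential, salt and iteration count are constructed for the example.

```python
"""Vulnerable and hardened handlers for the configuration-backup route.

Added example, not the camera's firmware or vendor code. It models the flawed
behaviour (any GET returns the backup) beside a handler that treats the backup
as a critical function gated by authentication, which is what AC-14 and AC-3
call for. The config blob, credential, salt and iteration count are constructed.
"""
import base64
import hashlib
import hmac
from typing import Optional

# Constructed stand-in for the camera's backup; not real device data.
CONFIG_BACKUP = b"admin_user=admin\nadmin_pass=CHANGEME\nrtsp_port=554\n"
ROUTE = "/config_backup.bin"

# Assumed stored credential: a salted PBKDF2 hash, never the plaintext password.
_SALT = b"example-salt-not-for-production"
_ITER = 100_000
_ADMIN_USER = b"admin"
_ADMIN_HASH = hashlib.pbkdf2_hmac("sha256", b"s3cret-admin-pw", _SALT, _ITER)


def basic_auth_header(user: str, password: str) -> str:
    """Build an HTTP Basic Authorization value (used by clients and by the checks)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def vulnerable_handler(method: str, path: str, headers: dict) -> tuple[int, dict, bytes]:
    """CWE-306 as described in the advisory: the route never checks who is asking."""
    if method == "GET" and path == ROUTE:
        return 200, {"Content-Type": "application/octet-stream"}, CONFIG_BACKUP
    return 404, {}, b""


def _basic_auth_ok(header: Optional[str]) -> bool:
    """Verify Basic credentials with constant-time comparisons on both fields."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(header[len("Basic "):], validate=True).decode()
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return False
    user, sep, password = raw.partition(":")
    if not sep:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITER)
    # Evaluate both comparisons before combining so a wrong user name does not
    # short-circuit and leak which field failed through timing.
    user_ok = hmac.compare_digest(user.encode(), _ADMIN_USER)
    pw_ok = hmac.compare_digest(digest, _ADMIN_HASH)
    return user_ok and pw_ok


def hardened_handler(method: str, path: str, headers: dict) -> tuple[int, dict, bytes]:
    """Same route; the backup is only served to an authenticated administrator."""
    if method == "GET" and path == ROUTE:
        if not _basic_auth_ok(headers.get("Authorization")):
            return 401, {"WWW-Authenticate": 'Basic realm="camera"'}, b""
        # The body carries credentials: tell caches and proxies not to retain it.
        return 200, {"Content-Type": "application/octet-stream",
                     "Cache-Control": "no-store"}, CONFIG_BACKUP
    return 404, {}, b""


if __name__ == "__main__":
    print("vulnerable, no auth:", vulnerable_handler("GET", ROUTE, {})[0])
    print("hardened, no auth:  ", hardened_handler("GET", ROUTE, {})[0])
    ok = {"Authorization": basic_auth_header("admin", "s3cret-admin-pw")}
    print("hardened, good auth:", hardened_handler("GET", ROUTE, ok)[0])
```

Basic authentication only protects the route if the transport is TLS; on a plain-HTTP camera interface the password crosses the wire base64-encoded, so the gate should sit behind HTTPS or a session mechanism rather than be bolted onto cleartext HTTP.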
