Cyber Resilience

CVE-2020-37157

HighPublic PoC

Published: 07 February 2026

Published
07 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0040 31.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37157 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2020-37157 is a configuration disclosure vulnerability (CWE-306) affecting the DBPower C300 HD Camera. The flaw exposes an unprotected configuration backup endpoint at /tmpfs/config_backup.bin, enabling unauthenticated attackers to download the config_backup.bin file and extract hardcoded username and password credentials stored within it.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required, as reflected in its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Exploitation results in high-impact disclosure of sensitive configuration data, potentially allowing attackers to authenticate to the device or pivot to further actions depending on the credentials' scope.

Advisories detail the issue and proof-of-concept exploitation, including a VulnCheck advisory at https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configuration-disclosure, an Exploit-DB entry (https://www.exploit-db.com/exploits/48095), and an archived blog post on multiple DBPower C300 vulnerabilities (https://web.archive.org/web/20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities). No patches or specific mitigations are described in the provided references.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Vulnerability directly enables unauthenticated remote exploitation of a public-facing device endpoint to retrieve a config file containing hardcoded credentials (T1190 + T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-37146Shared CWE-306
CVE-2020-36963Shared CWE-306
CVE-2025-61956Shared CWE-306
CVE-2021-47802Shared CWE-306
CVE-2026-41930Shared CWE-306
CVE-2026-4810Shared CWE-306
CVE-2025-53847Shared CWE-306
CVE-2025-61757Shared CWE-306
CVE-2025-68715Shared CWE-306
CVE-2026-21992Shared CWE-306

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-14 identifies and authorizes only permitted actions without identification or authentication, directly preventing unauthenticated access to the /tmpfs/config_backup.bin endpoint.

prevent

AC-3 enforces approved authorizations for access to system resources, blocking unauthenticated retrieval of the sensitive configuration file containing hardcoded credentials.

prevent

SC-14 protects information on publicly accessible systems from unauthorized transfer, mitigating disclosure via the unprotected camera web endpoint.

References