How to fix CVE-2020-36876?

Within 24 hours: Identify all ReQuest F3 Media Server installations and isolate affected systems from untrusted networks; document current user access and credentials for potential compromise assessment. Within 7 days: Implement network-level access controls restricting message_log page access to authorized administrative IP ranges only; deploy WAF rules to block /message_log endpoints from external sources. Within 30 days: Contact ReQuest for patch availability and upgrade timeline; evaluate migration to alternative media server solutions if patches remain unavailable; conduct credential rotation for any accounts potentially exposed in debug logs.

Is Python affected by CVE-2020-36876?

ReQuest Serious Play F3 Media Server installations are vulnerable to unauthenticated credential and system information disclosure.

CVE-2020-36876

EUVD-2020-30828 HIGH

2025-12-05 [email protected]

8.7

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2020-30828

PoC Detected

Dec 08, 2025 - 18:26 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 18:15 nvd

HIGH 8.7

Description

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

Analysis

Technical Context

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Insertion of Sensitive Information into Log File (CWE-532).

Remediation

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: +20

CVE-2020-36876 vulnerability details – vuln.today

Back

CVE-2020-36876

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Share

CVE-2020-36876

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Share

External POC / Exploit Code