What is the CVSS score of CVE-2020-37157?

CVE-2020-37157 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of DBPower C300 HD Camera are affected by CVE-2020-37157?

DBPower C300 HD cameras deployed in your organization are vulnerable to unauthenticated credential theft through an exposed configuration backup endpoint.

Is there a public PoC exploit available for CVE-2020-37157?

Yes, a public proof-of-concept exploit is available for CVE-2020-37157. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37157?

Within 24 hours: Inventory all DBPower C300 HD cameras in production and remove internet-facing access or isolate on a restricted network segment. Within 7 days: Rotate all credentials accessed by or stored within these devices, audit logs for unauthorized configuration access, and evaluate camera replacement timelines given the lack of vendor patch availability. Within 30 days: Complete replacement or permanent disconnection of vulnerable devices, and implement network segmentation policies to prevent direct camera internet exposure.

DBPower C300 HD Camera CVE-2020-37157

HIGH

Missing Authentication for Critical Function (CWE-306)

2026-02-07 disclosure@vulncheck.com

Authentication Bypass

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 09, 2026 - 16:08 vuln.today

Public exploit code

CVE Published

Feb 07, 2026 - 00:15 nvd

HIGH 7.5

DescriptionCVE.org

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

AnalysisAI

Technical ContextAI

Classified as CWE-306 (Missing Authentication for Critical Function). DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

Affected ProductsAI

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials throu

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-37157 vulnerability details – vuln.today

Back

DBPower C300 HD Camera CVE-2020-37157

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code