How to fix CVE-2020-37157?

Within 24 hours: Inventory all DBPower C300 HD cameras in production and remove internet-facing access or isolate on a restricted network segment. Within 7 days: Rotate all credentials accessed by or stored within these devices, audit logs for unauthorized configuration access, and evaluate camera replacement timelines given the lack of vendor patch availability. Within 30 days: Complete replacement or permanent disconnection of vulnerable devices, and implement network segmentation policies to prevent direct camera internet exposure.

CVE-2020-37157

HIGH

2026-02-07 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 09, 2026 - 16:08 vuln.today

Public exploit code

CVE Published

Feb 07, 2026 - 00:15 nvd

HIGH 7.5

Description

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

Analysis

Technical Context

Classified as CWE-306 (Missing Authentication for Critical Function). DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.

Affected Products

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials throu

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: +20

CVE-2020-37157 vulnerability details – vuln.today

Back

CVE-2020-37157

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-37157

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code