What is the CVSS score of EUVD-2020-30828?

EUVD-2020-30828 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N. EPSS exploitation probability: 0.1%.

Which versions of Python are affected by EUVD-2020-30828?

ReQuest Serious Play F3 Media Server installations are vulnerable to unauthenticated credential and system information disclosure.

Is there a public PoC exploit available for EUVD-2020-30828?

Yes, a public proof-of-concept exploit is available for EUVD-2020-30828. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2020-30828?

Within 24 hours: Identify all ReQuest F3 Media Server installations and isolate affected systems from untrusted networks; document current user access and credentials for potential compromise assessment. Within 7 days: Implement network-level access controls restricting message_log page access to authorized administrative IP ranges only; deploy WAF rules to block /message_log endpoints from external sources. Within 30 days: Contact ReQuest for patch availability and upgrade timeline; evaluate migration to alternative media server solutions if patches remain unavailable; conduct credential rotation for any accounts potentially exposed in debug logs.

Python EUVD-2020-30828

| CVE-2020-36876 HIGH

Insertion of Sensitive Information into Log File (CWE-532)

2025-12-05 disclosure@vulncheck.com

Information Disclosure Python

8.7

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.7 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2020-30828

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 08, 2025 - 18:26 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 18:15 nvd

HIGH 8.7

DescriptionCVE.org

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

Analysis

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Insertion of Sensitive Information into Log File (CWE-532).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-48519 CRITICAL Act Now

9.6 Jun 16

Remote code execution in Langflow versions through 1.9.1 allows unauthenticated attackers to execute arbitrary Python co

CVE-2026-45833 CRITICAL Act Now

9.4 Jun 12

Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the U

CVE-2026-47103 CRITICAL Act Now

9.3 Jun 17

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host pr

EUVD-2020-30828 vulnerability details – vuln.today

Back