Overview
CVE-2020-36874 details a critical vulnerability affecting ACE SECURITY WIP-90113 HD cameras. This vulnerability allows an unauthenticated remote attacker to download the device’s configuration backup file. This backup can contain sensitive information, including administrative credentials, potentially leading to complete compromise of the camera and potentially the network it is connected to.
Technical Details
The vulnerability exists in the /web/cgi-bin/hi3510/backup.cgi endpoint. This endpoint, intended for creating configuration backups, lacks any authentication or authorization checks. An attacker can simply request this URL to download a compressed archive of the camera’s configuration. This archive typically includes:
- Administrative usernames and passwords (often stored in plain text or easily reversible formats).
- Network settings (IP address, subnet mask, gateway, DNS servers).
- Wi-Fi credentials (SSID and password).
- Other device-specific configuration parameters.
The underlying cause is the failure to implement proper access controls on a sensitive resource.
CVSS Analysis
Currently, a CVSS score is not available for CVE-2020-36874. However, given the potential for complete system compromise due to unauthenticated remote information disclosure, a high CVSS score is anticipated. A likely scoring would involve a CVSSv3 base score above 7.5, considering factors such as confidentiality impact, attack vector, and attack complexity.
Possible Impact
The exploitation of this vulnerability can have severe consequences:
- Full Camera Compromise: An attacker can gain complete control over the camera by using the leaked administrative credentials.
- Network Intrusion: If the camera is connected to a network, the attacker may be able to use it as a foothold to gain access to other devices and sensitive data on the network.
- Surveillance and Data Theft: An attacker could remotely view the camera’s live feed, download recorded footage, or use the camera as a pivot point for further attacks.
- Denial of Service (DoS): An attacker can reconfigure the camera to disrupt its normal operation.
Mitigation and Patch Steps
Unfortunately, information regarding a specific patch or firmware update from ACE SECURITY is limited. However, the following steps can be taken to mitigate the risk:
- Disable Remote Access: If remote access to the camera is not required, disable it entirely.
- Network Segmentation: Isolate the camera on a separate network segment with limited access to other critical resources.
- Firewall Rules: Implement firewall rules to restrict access to the camera’s web interface (port 80, 443) to only trusted IP addresses.
- Monitor Network Traffic: Monitor network traffic for suspicious activity originating from the camera.
- Contact ACE SECURITY: Reach out to ACE SECURITY directly to inquire about a potential firmware update or patch.
- Consider Replacement: If a patch is not available and the risk is deemed too high, consider replacing the camera with a more secure alternative.
Important: Always change the default administrative credentials on any network device immediately after installation.
References
Published: 2025-11-26T23:15:47.550
