PT-2025-48194 · Astak · Astak Cm-818T3
Todor Donev · Published 2025-11-26 · Updated 2025-11-27 · CVE-2020-36873
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Astak CM-818T3 2.4GHz wireless security surveillance cameras (affected versions not specified)
Description
The Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure issue. The /web/cgi-bin/hi3510/backup.cgi API endpoint allows remote download of a compressed configuration backup without authentication or authorization. The exposed backup may contain administrative credentials and other sensitive device settings, potentially enabling an unauthenticated remote attacker to gain information that could compromise the camera or connected network.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
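With no fixed version listed, requests for the backup endpoint can at least be watched for in the access logs of a proxy or gateway placed in front of the camera. The Python sketch below is an added example, not part of the original advisory or any vendor tooling; it assumes combined-format access logs in which the third field is "-" when no HTTP credentials were sent, and its log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the advisory.
BACKUP_PATH = "/web/cgi-bin/hi3510/backup.cgi"

# Assumed combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Nov/2025:10:01:02 +0000] "GET /web/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Nov/2025:10:03:44 +0000] "GET /web/cgi-bin/hi3510/backup.cgi HTTP/1.1" 200 20480 "-" "curl/8.0"
198.51.100.7 - - [27/Nov/2025:10:03:50 +0000] "GET /web//cgi-bin/hi3510/backup.cgi?t=1 HTTP/1.1" 200 20480 "-" "curl/8.0"
203.0.113.5 - - [27/Nov/2025:10:05:00 +0000] "GET /web/cgi-bin/hi3510/backup.cgi HTTP/1.1" 401 0 "-" "curl/8.0"
192.0.2.10 - admin [27/Nov/2025:10:06:00 +0000] "GET /web/cgi-bin/hi3510/backup.cgi HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
""".splitlines()

def normalize_path(target):
    """Drop query/fragment, decode %XX escapes, collapse repeated slashes and dot segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def classify(status, user):
    """A 2xx answer with no credentials in the log line means the backup was served openly."""
    if 200 <= status < 300:
        return "unauthenticated-download" if user == "-" else "authenticated-download"
    if status in (401, 403):
        return "denied"
    return "other"

def find_backup_requests(lines):
    """Return one record per request that targets the backup endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize_path(m["target"]) != BACKUP_PATH:
            continue
        hits.append({"ip": m["ip"], "time": m["time"],
                     "verdict": classify(int(m["status"]), m["user"])})
    return hits

if __name__ == "__main__":
    for hit in find_backup_requests(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["verdict"])
```

Any "unauthenticated-download" verdict means the configuration backup left the device without credentials, so the passwords stored on that camera should be treated as exposed.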
Exploit
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Astak Cm-818T3