PT-2025-48195 · Ace Security · Ace Security Wip-90113 Hd Cameras
Todor Donev
·
Published
2025-11-26
·
Updated
2025-11-29
·
CVE-2020-36874
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
ACE SECURITY WIP-90113 HD cameras (affected versions not specified)
Description
ACE SECURITY WIP-90113 HD cameras have an issue where configuration information can be disclosed without authentication. The
/web/cgi-bin/hi3510/backup.cgi API endpoint allows remote download of a compressed configuration backup without requiring any authentication or authorization. This backup may contain administrative credentials and other sensitive device settings. An unauthenticated remote attacker could obtain this information, potentially leading to further compromise of the camera or the connected network.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ace Security Wip-90113 Hd Cameras