← Back
2026-02-06 23:14CVE-2020-37146VulnCheck
PUBLISHED5.2CWE-306

Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.

Problem type

Affected products

ACE SECURITY

Aptina AR0130 960P 1.3MP Camera

- - AFFECTED

References

ExploitDB-48127

https://www.exploit-db.com/exploits/48127

exploit
Vendor Homepage

https://acesecurity.jp

product
Product Support Page

https://acesecurity.jp/support/top/wip_series/wip-90113

product
VulnCheck Advisory: Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure

https://www.vulncheck.com/advisories/aptina-ar-p-mp-camera-remote-configuration-disclosure

third-party-advisory

GitHub Security Advisories

GHSA-qm77-33rp-mp7c

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows...

https://github.com/advisories/GHSA-qm77-33rp-mp7c

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2020-37146

acesecurity.jp

https://acesecurity.jp

acesecurity.jp

https://acesecurity.jp/support/top/wip_series/wip-90113

exploit-db.com

https://www.exploit-db.com/exploits/48127

vulncheck.com

https://www.vulncheck.com/advisories/aptina-ar-p-mp-camera-remote-configuration-disclosure

github.com

https://github.com/advisories/GHSA-qm77-33rp-mp7c

JSON source

https://cveawg.mitre.org/api/cve/CVE-2020-37146
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2020-37146",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-02-06T23:14:07.942Z",
    "dateReserved": "2026-02-03T16:27:45.308Z",
    "datePublished": "2026-02-06T23:14:07.942Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-02-06T23:14:07.942Z"
      },
      "datePublic": "2020-02-23T00:00:00.000Z",
      "title": "Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure",
      "descriptions": [
        {
          "lang": "en",
          "value": "ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings."
        }
      ],
      "affected": [
        {
          "vendor": "ACE SECURITY",
          "product": "Aptina AR0130 960P 1.3MP Camera",
          "versions": [
            {
              "version": "-",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Missing Authentication for Critical Function",
              "cweId": "CWE-306",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/48127",
          "name": "ExploitDB-48127",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://acesecurity.jp",
          "name": "Vendor Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://acesecurity.jp/support/top/wip_series/wip-90113",
          "name": "Product Support Page",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/aptina-ar-p-mp-camera-remote-configuration-disclosure",
          "name": "VulnCheck Advisory: Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Todor Donev",
          "type": "finder"
        }
      ]
    }
  }
}