Primary

Context

ACE Security WiP-90113 HD Camera Remote Configuration Disclosure Vulnerability

Vulnerability

A configuration disclosure vulnerability has been identified in the ACE Security WiP-90113 HD Camera. This vulnerability allows unauthenticated attackers to retrieve sensitive configuration files, including credentials and system settings. The issue arises from the camera's /config_backup.bin endpoint, which can be accessed by sending a GET request. The vulnerability is present in the camera's firmware prior to the latest version.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive configuration files, including usernames and passwords.

Reproduction

To reproduce this vulnerability, send a GET request to the camera's /config_backup.bin endpoint. The response will include a gzipped configuration file that, when unzipped, reveals sensitive information such as the camera's username and password.

Added: Feb 7, 2026, 12:34 AM

Updated: Feb 7, 2026, 12:34 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ACE Security WiP-90113 HD Camera Remote Configuration Disclosure Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating