CVE-2020-36876 in Serious Play F3 Media Serverinfo

Summary

by MITRE • 12/05/2025

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 12/06/2025

The vulnerability identified as CVE-2020-36876 affects ReQuest Serious Play F3 Media Server versions including 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823, representing a critical information disclosure flaw that exposes sensitive system data through an unauthenticated access vector. This vulnerability stems from inadequate access controls within the web server implementation, specifically allowing any remote attacker to access the message_log page without requiring authentication credentials. The flaw manifests as a failure to properly restrict access to debug logging functionality that should only be available to authorized system administrators. According to CWE-284, this represents an improper access control vulnerability where the system fails to properly enforce access restrictions, allowing unauthorized users to gain access to sensitive information. The vulnerability aligns with ATT&CK technique T1213.002 which focuses on data from information repositories, specifically targeting debug logs that contain system information. The affected media server exposes python debug log files through a web interface, creating a direct pathway for attackers to extract system information, credentials, file paths, running processes, and command arguments that are typically restricted to administrative access only. The exposure occurs when attackers simply navigate to the message_log page, which is accessible without authentication, thereby bypassing all normal access controls and security mechanisms. This vulnerability demonstrates a fundamental flaw in the server's security architecture where debug functionality is not properly secured, creating a backdoor for information disclosure attacks. The impact of this vulnerability extends beyond simple information disclosure, as the debug logs contain sensitive data that could be leveraged for further attacks, including privilege escalation, system compromise, and targeted exploitation. The presence of command arguments and process information in the logs could provide attackers with insights into how the system operates, potentially enabling them to craft more effective attacks against the device. Organizations using these media server versions face significant risk as the vulnerability allows for complete information gathering without any authentication requirements, making it particularly dangerous for networked environments where these devices might be exposed to external networks. The vulnerability also highlights poor security practices in the development lifecycle where debug features are not properly disabled or secured in production environments, violating security by design principles. This flaw could be exploited by attackers to gain detailed knowledge of the system's internal workings, potentially enabling more sophisticated attacks that target specific system components or processes. The exposure of file paths and system information through debug logs creates opportunities for attackers to perform reconnaissance and mapping of the target environment, facilitating more targeted and effective exploitation attempts. Security professionals should note that this vulnerability is particularly concerning because it affects multiple versions of the software, indicating a persistent architectural flaw rather than a one-time coding error. The lack of authentication requirements for accessing debug logs represents a fundamental failure in implementing proper access controls and demonstrates the importance of security testing throughout the software development lifecycle. Organizations should immediately implement mitigations including disabling debug logging functionality, implementing proper access controls, and restricting network access to these devices to prevent exploitation of this vulnerability. The vulnerability also underscores the need for regular security assessments and penetration testing to identify similar issues in other software components that might expose sensitive information through unsecured interfaces.

Responsible

VulnCheck

Reservation

12/05/2025

Disclosure

12/05/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00327

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!