ByteOS Network

NVD Vulnerability Details :

CVE-2020-36876

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-05 Dec, 2025 | 18:15

Updated At-08 Dec, 2025 | 18:26

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-532	Primary	disclosure@vulncheck.com

CWE ID: CWE-532

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
http://request.com/	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/48950	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/request-serious-play-f-media-server-debug-log-disclosure	disclosure@vulncheck.com	N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php	disclosure@vulncheck.com	N/A