Vulnerability Details : CVE-2020-5735
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
Vulnerability category: OverflowMemory CorruptionExecute code
Products affected by CVE-2020-5735
- cpe:2.3:o:amcrest:1080-lite_8ch_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:amdv10814-h5_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ipm-721_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip2m-841_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip2m-841-v3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip2m-853ew_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip2m-858w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip2m-866w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip2m-866ew_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip4m-1053ew_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip8m-2454ew_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip8m-2493eb_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip8m-2496eb_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip8m-2597e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip8m-mb2546ew_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip8m-mt2544ew_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ip8m-t2499ew_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amcrest:ipm-hx1_firmware:*:*:*:*:*:*:*:*
CVE-2020-5735 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-5735
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-5735
1.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5735
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.0
|
HIGH | AV:N/AC:L/Au:S/C:P/I:P/A:C |
8.0
|
8.5
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-5735
-
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).Assigned by: vulnreport@tenable.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-5735
-
https://www.tenable.com/security/research/tra-2020-20
Amcrest Camera/NVR Multiple Vulnerabilities - Research Advisory | Tenable®Third Party Advisory
-
http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html
Amcrest Dahua NVR Camera IP2M-841 Denial Of Service ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to