CVE-2020-5735

Warning

Exploit

EPSS 48.22%
Published 08.04.2020 13:15:13
Last modified 19.03.2025 20:56:21
Source vulnreport@tenable.com
Teams watchlist Login
Open Login

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.

Affected products Warnungen 1 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Amcrest ≫ 1080-lite 8ch Firmware Version-

Amcrest ≫ 1080-lite 8ch Version-

Amcrest ≫ Amdv10814-h5 Firmware Version-

Amcrest ≫ Amdv10814-h5 Version-

Amcrest ≫ Ipm-721 Firmware Version < v2.420.ac00.18.r.20200217

Amcrest ≫ Ipm-721 Version-

Amcrest ≫ Ip2m-841 Firmware Version < v2.420.ac00.18.r.20200217

Amcrest ≫ Ip2m-841 Version-

Amcrest ≫ Ip2m-841-v3 Firmware Version < v2.800.0000000.6.r.200314

Amcrest ≫ Ip2m-841-v3 Version-

Amcrest ≫ Ip2m-853ew Firmware Version < v2.623.00ac004.0.r.200316

Amcrest ≫ Ip2m-853ew Version-

Amcrest ≫ Ip2m-858w Firmware Version < v2.623.00ac004.0.r.200316

Amcrest ≫ Ip2m-858w Version-

Amcrest ≫ Ip2m-866w Firmware Version < v2.623.00ac004.0.r.200316

Amcrest ≫ Ip2m-866w Version-

Amcrest ≫ Ip2m-866ew Firmware Version < v2.623.00ac004.0.r.200316

Amcrest ≫ Ip2m-866ew Version-

Amcrest ≫ Ip4m-1053ew Firmware Version < v2.623.00ac004.0.r.200316

Amcrest ≫ Ip4m-1053ew Version-

Amcrest ≫ Ip8m-2454ew Firmware Version < v2.622.00ac000.0.r.200320

Amcrest ≫ Ip8m-2454ew Version-

Amcrest ≫ Ip8m-2493eb Firmware Version < v2.622.00ac000.0.r.200320

Amcrest ≫ Ip8m-2493eb Version-

Amcrest ≫ Ip8m-2496eb Firmware Version < v2.622.00ac000.0.r.200320

Amcrest ≫ Ip8m-2496eb Version-

Amcrest ≫ Ip8m-2597e Firmware Version < v2.800.00ac000.0.r.200330

Amcrest ≫ Ip8m-2597e Version-

Amcrest ≫ Ip8m-mb2546ew Firmware Version < v2.622.00ac000.0.r.200320

Amcrest ≫ Ip8m-mb2546ew Version-

Amcrest ≫ Ip8m-mt2544ew Firmware Version < v2.622.00ac000.0.r.200320

Amcrest ≫ Ip8m-mt2544ew Version-

Amcrest ≫ Ip8m-t2499ew Firmware Version < v2.622.00ac000.0.r.200320

Amcrest ≫ Ip8m-t2499ew Version-

Amcrest ≫ Ipm-hx1 Firmware Version < v2.420.ac00.18.r.20200217

Amcrest ≫ Ipm-hx1 Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability

Vulnerability

Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	48.22%	0.976

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8	8	8.5	AV:N/AC:L/Au:S/C:P/I:P/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html

Third Party Advisory

Exploit

VDB Entry

https://www.tenable.com/security/research/tra-2020-20

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5735

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5735

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5735

EUVD