TROYANOSYVIRUS
Volver a CVEs

CVE-2020-5735

HIGHCISA KEV
8.8

Descripcion

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.

Detalles CVE

Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/8/2020
Ultima modificacion10/31/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorAmcrest
ProductoCameras and Network Video Recorder (NVR)
Nombre vulnerabilidadAmcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2022-05-03
Uso en ransomwareUnknown

Productos afectados

amcrest:1080-lite_8chamcrest:1080-lite_8ch_firmwareamcrest:amdv10814-h5amcrest:amdv10814-h5_firmwareamcrest:ip2m-841amcrest:ip2m-841-v3amcrest:ip2m-841-v3_firmwareamcrest:ip2m-841_firmwareamcrest:ip2m-853ewamcrest:ip2m-853ew_firmwareamcrest:ip2m-858wamcrest:ip2m-858w_firmwareamcrest:ip2m-866ewamcrest:ip2m-866ew_firmwareamcrest:ip2m-866wamcrest:ip2m-866w_firmwareamcrest:ip4m-1053ewamcrest:ip4m-1053ew_firmwareamcrest:ip8m-2454ewamcrest:ip8m-2454ew_firmwareamcrest:ip8m-2493ebamcrest:ip8m-2493eb_firmwareamcrest:ip8m-2496ebamcrest:ip8m-2496eb_firmwareamcrest:ip8m-2597eamcrest:ip8m-2597e_firmwareamcrest:ip8m-mb2546ewamcrest:ip8m-mb2546ew_firmwareamcrest:ip8m-mt2544ewamcrest:ip8m-mt2544ew_firmwareamcrest:ip8m-t2499ewamcrest:ip8m-t2499ew_firmwareamcrest:ipm-721amcrest:ipm-721_firmwareamcrest:ipm-hx1amcrest:ipm-hx1_firmware

Debilidades (CWE)

CWE-121CWE-787

Referencias

http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2020-20(vulnreport@tenable.com)
http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/research/tra-2020-20(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5735(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.