TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-5735

HIGHCISA KEV
8.8

Beschreibung

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.

CVE Details

CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht4/8/2020
Zuletzt geandert10/31/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerAmcrest
ProduktCameras and Network Video Recorder (NVR)
SchwachstellennameAmcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungUnknown

Betroffene Produkte

amcrest:1080-lite_8chamcrest:1080-lite_8ch_firmwareamcrest:amdv10814-h5amcrest:amdv10814-h5_firmwareamcrest:ip2m-841amcrest:ip2m-841-v3amcrest:ip2m-841-v3_firmwareamcrest:ip2m-841_firmwareamcrest:ip2m-853ewamcrest:ip2m-853ew_firmwareamcrest:ip2m-858wamcrest:ip2m-858w_firmwareamcrest:ip2m-866ewamcrest:ip2m-866ew_firmwareamcrest:ip2m-866wamcrest:ip2m-866w_firmwareamcrest:ip4m-1053ewamcrest:ip4m-1053ew_firmwareamcrest:ip8m-2454ewamcrest:ip8m-2454ew_firmwareamcrest:ip8m-2493ebamcrest:ip8m-2493eb_firmwareamcrest:ip8m-2496ebamcrest:ip8m-2496eb_firmwareamcrest:ip8m-2597eamcrest:ip8m-2597e_firmwareamcrest:ip8m-mb2546ewamcrest:ip8m-mb2546ew_firmwareamcrest:ip8m-mt2544ewamcrest:ip8m-mt2544ew_firmwareamcrest:ip8m-t2499ewamcrest:ip8m-t2499ew_firmwareamcrest:ipm-721amcrest:ipm-721_firmwareamcrest:ipm-hx1amcrest:ipm-hx1_firmware

Schwachen (CWE)

CWE-121CWE-787

Referenzen

http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2020-20(vulnreport@tenable.com)
http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/research/tra-2020-20(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5735(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.