Vulnerabilities > CVE-2020-5735 - Out-of-bounds Write vulnerability in Amcrest products

CVSS 8.0 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

COMPLETE

network

low complexity

amcrest

CWE-787

exploit available

NVD

Published: 2020-04-08

Updated: 2020-04-09

Summary

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Amcrest Amcrest 1080 Lite 8CH Firmware - Amcrest Amdv10814 H5 Firmware - Amcrest IPM 721 Firmware * Amcrest Ip2M 841 Firmware * Amcrest Ip2M 841 V3 Firmware * Amcrest Ip2M 853Ew Firmware * Amcrest Ip2M 858W Firmware * Amcrest Ip2M 866W Firmware * Amcrest Ip2M 866Ew Firmware * Amcrest Ip4M 1053Ew Firmware * Amcrest Ip8M 2454Ew Firmware * Amcrest Ip8M 2493Eb Firmware * Amcrest Ip8M 2496Eb Firmware * Amcrest Ip8M 2597E Firmware * Amcrest Ip8M Mb2546Ew Firmware * Amcrest Ip8M Mt2544Ew Firmware * Amcrest Ip8M T2499Ew Firmware * Amcrest IPM HX1 Firmware *	18
Hardware	Amcrest Amcrest 1080 Lite 8CH - Amcrest Amdv10814 H5 - Amcrest IPM 721 - Amcrest Ip2M 841 - Amcrest Ip2M 841 V3 - Amcrest Ip2M 853Ew - Amcrest Ip2M 858W - Amcrest Ip2M 866W - Amcrest Ip2M 866Ew - Amcrest Ip4M 1053Ew - Amcrest Ip8M 2454Ew - Amcrest Ip8M 2493Eb - Amcrest Ip8M 2496Eb - Amcrest Ip8M 2597E - Amcrest Ip8M Mb2546Ew - Amcrest Ip8M Mt2544Ew - Amcrest Ip8M T2499Ew - Amcrest IPM HX1 -	18

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Exploit-Db

id	EDB-ID:48304
last seen	2020-04-08
modified	2020-04-08
published	2020-04-08
reporter	Exploit-DB
source	https://www.exploit-db.com/download/48304
title	Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Packetstorm

data source	https://packetstormsecurity.com/files/download/157164/amcrestdahuanvr-dos.txt
id	PACKETSTORM:157164
last seen	2020-04-13
published	2020-04-08
reporter	Jacob Baines
source	https://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html
title	Amcrest Dahua NVR Camera IP2M-841 Denial Of Service

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References