Vulnerabilities > CVE-2020-5736 - NULL Pointer Dereference vulnerability in Amcrest products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

amcrest

CWE-476

NVD

Published: 2020-04-08

Updated: 2020-04-09

Summary

Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.

Vulnerable Configurations

Part	Description	Count
OS	Amcrest Amcrest 1080 Lite 8CH Firmware - Amcrest Amdv10814 H5 Firmware - Amcrest IPM 721 Firmware * Amcrest Ip2M 841 Firmware * Amcrest Ip2M 841 V3 Firmware * Amcrest Ip2M 853Ew Firmware * Amcrest Ip2M 858W Firmware * Amcrest Ip2M 866W Firmware * Amcrest Ip2M 866Ew Firmware * Amcrest Ip4M 1053Ew Firmware * Amcrest Ip8M 2454Ew Firmware * Amcrest Ip8M 2493Eb Firmware * Amcrest Ip8M 2496Eb Firmware * Amcrest Ip8M 2597E Firmware * Amcrest Ip8M Mb2546Ew Firmware * Amcrest Ip8M Mt2544Ew Firmware * Amcrest Ip8M T2499Ew Firmware * Amcrest IPM HX1 Firmware *	18
Hardware	Amcrest Amcrest 1080 Lite 8CH - Amcrest Amdv10814 H5 - Amcrest IPM 721 - Amcrest Ip2M 841 - Amcrest Ip2M 841 V3 - Amcrest Ip2M 853Ew - Amcrest Ip2M 858W - Amcrest Ip2M 866W - Amcrest Ip2M 866Ew - Amcrest Ip4M 1053Ew - Amcrest Ip8M 2454Ew - Amcrest Ip8M 2493Eb - Amcrest Ip8M 2496Eb - Amcrest Ip8M 2597E - Amcrest Ip8M Mb2546Ew - Amcrest Ip8M Mt2544Ew - Amcrest Ip8M T2499Ew - Amcrest IPM HX1 -	18

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://www.tenable.com/security/research/tra-2020-20