CVE-2020-5735
Published: 08 April 2020
Summary
CVE-2020-5735 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Amcrest 1080-Lite 8Ch Firmware. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 2.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
Amcrest cameras and NVR devices contain a stack-based buffer overflow vulnerability, tracked as CVE-2020-5735 and also associated with CWE-121 and CWE-787, that affects the service listening on TCP port 37777. The flaw permits an authenticated remote attacker to supply crafted input that overwrites memory on the stack, leading to a crash or potential arbitrary code execution. The issue carries a CVSS 3.1 base score of 8.8, reflecting network attack vector, low complexity, and low required privileges.
An authenticated remote attacker can connect to port 37777 and trigger the overflow to cause a denial-of-service condition that crashes the device; under favorable conditions the same flaw may be leveraged for arbitrary code execution, giving the attacker control over the affected camera or NVR.
The vulnerability appears in public exploit repositories demonstrating denial-of-service against models such as the Amcrest IP2M-841 and is listed in the CISA Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation. No vendor patch or configuration guidance is detailed in the referenced advisories.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-26894
Vulnerability details
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of all input to the service on port 37777, directly blocking the crafted data that triggers the stack buffer overflow.
Enforces memory protections (e.g., ASLR, non-executable stacks) that prevent reliable exploitation of the stack-based overflow for code execution or reliable crashes.
Restricts network access to TCP port 37777 from untrusted sources, reducing the attack surface for authenticated remote exploitation of the vulnerable service.