Cyber Resilience

CVE-2020-5735

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 08 April 2020

Published
08 April 2020
Modified
31 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4954 97.9th percentile
Risk Priority 67 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-5735 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Amcrest 1080-Lite 8Ch Firmware. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 2.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

Amcrest cameras and NVR devices contain a stack-based buffer overflow vulnerability, tracked as CVE-2020-5735 and also associated with CWE-121 and CWE-787, that affects the service listening on TCP port 37777. The flaw permits an authenticated remote attacker to supply crafted input that overwrites memory on the stack, leading to a crash or potential arbitrary code execution. The issue carries a CVSS 3.1 base score of 8.8, reflecting network attack vector, low complexity, and low required privileges.

An authenticated remote attacker can connect to port 37777 and trigger the overflow to cause a denial-of-service condition that crashes the device; under favorable conditions the same flaw may be leveraged for arbitrary code execution, giving the attacker control over the affected camera or NVR.

The vulnerability appears in public exploit repositories demonstrating denial-of-service against models such as the Amcrest IP2M-841 and is listed in the CISA Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation. No vendor patch or configuration guidance is detailed in the referenced advisories.

EU & UK References

Vulnerability details

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

amcrest
1080-lite 8ch firmware
all versions
amcrest
amdv10814-h5 firmware
all versions
amcrest
ipm-721 firmware
≤ v2.420.ac00.18.r.20200217
amcrest
ip2m-841 firmware
≤ v2.420.ac00.18.r.20200217
amcrest
ip2m-841-v3 firmware
≤ v2.800.0000000.6.r.200314
amcrest
ip2m-853ew firmware
≤ v2.623.00ac004.0.r.200316
amcrest
ip2m-858w firmware
≤ v2.623.00ac004.0.r.200316
amcrest
ip2m-866w firmware
≤ v2.623.00ac004.0.r.200316
amcrest
ip2m-866ew firmware
≤ v2.623.00ac004.0.r.200316
amcrest
ip4m-1053ew firmware
≤ v2.623.00ac004.0.r.200316
+8 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of all input to the service on port 37777, directly blocking the crafted data that triggers the stack buffer overflow.

prevent

Enforces memory protections (e.g., ASLR, non-executable stacks) that prevent reliable exploitation of the stack-based overflow for code execution or reliable crashes.

prevent

Restricts network access to TCP port 37777 from untrusted sources, reducing the attack surface for authenticated remote exploitation of the vulnerable service.

References