Vulnerability Description
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is used for DEMO only, using it in product is a customer's behavior. Ambarella has emphasized that RTSP is DEMO only library, should NOT be used in product in our document. Because Ambarella's SDK is proprietary, we didn't publish our SDK source code in public network.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ambarella | Oryx Rtsp Server | 2020-01-07 |
Related Weaknesses (CWE)
References
- https://github.com/Ambarella-Inc/amba-cve-info/tree/main/cve-2020-24918
- https://somersetrecon.squarespace.com/blog/2021/hacking-the-furbo-part-1ExploitThird Party Advisory
- https://www.ambarella.comVendor Advisory
- https://www.somersetrecon.com/blogExploitThird Party Advisory
- https://somersetrecon.squarespace.com/blog/2021/hacking-the-furbo-part-1ExploitThird Party Advisory
- https://www.ambarella.comVendor Advisory
- https://www.somersetrecon.com/blogExploitThird Party Advisory
FAQ
What is CVE-2020-24918?
CVE-2020-24918 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execu...
How severe is CVE-2020-24918?
CVE-2020-24918 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-24918?
Check the references section above for vendor advisories and patch information. Affected products include: Ambarella Oryx Rtsp Server.