Vulnerability Description
Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sony | Snc-Dh120T Firmware | <= 1.82.01 |
| Sony | Snc-Dh120T | - |
Related Weaknesses (CWE)
References
- https://pro.sony/en_NL/support-resources/snc-dh120/ (Broken Link)
- https://pro.sony/en_NL/support-resources/snc-dh120/software/mpengb00000928 (Release Notes)
- https://www.exploit-db.com/exploits/48842 (Exploit, Third Party Advisory)
- https://www.vulncheck.com/advisories/sony-ipela-network-camera-remote-stack-buff (Third Party Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php (Third Party Advisory)
FAQ
What is CVE-2020-36885?
CVE-2020-36885 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnera...
How severe is CVE-2020-36885?
CVE-2020-36885 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36885?
Check the references section above for vendor advisories and patch information. Affected products include: Sony Snc-Dh120T Firmware, Sony Snc-Dh120T.