Vulnerability Description
Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amcrest | 1080-Lite 8Ch Firmware | - |
| Amcrest | 1080-Lite 8Ch | - |
| Amcrest | Amdv10814-H5 Firmware | - |
| Amcrest | Amdv10814-H5 | - |
| Amcrest | Ipm-721 Firmware | < v2.420.ac00.18.r.20200217 |
| Amcrest | Ipm-721 | - |
| Amcrest | Ip2M-841 Firmware | < v2.420.ac00.18.r.20200217 |
| Amcrest | Ip2M-841 | - |
| Amcrest | Ip2M-841-V3 Firmware | < v2.800.0000000.6.r.200314 |
| Amcrest | Ip2M-841-V3 | - |
| Amcrest | Ip2M-853Ew Firmware | < v2.623.00ac004.0.r.200316 |
| Amcrest | Ip2M-853Ew | - |
| Amcrest | Ip2M-858W Firmware | < v2.623.00ac004.0.r.200316 |
| Amcrest | Ip2M-858W | - |
| Amcrest | Ip2M-866W Firmware | < v2.623.00ac004.0.r.200316 |
| Amcrest | Ip2M-866W | - |
| Amcrest | Ip2M-866Ew Firmware | < v2.623.00ac004.0.r.200316 |
| Amcrest | Ip2M-866Ew | - |
| Amcrest | Ip4M-1053Ew Firmware | < v2.623.00ac004.0.r.200316 |
| Amcrest | Ip4M-1053Ew | - |
Related Weaknesses (CWE)
References
- https://www.tenable.com/security/research/tra-2020-20Third Party Advisory
- https://www.tenable.com/security/research/tra-2020-20Third Party Advisory
FAQ
What is CVE-2020-5736?
CVE-2020-5736 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
How severe is CVE-2020-5736?
CVE-2020-5736 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5736?
Check the references section above for vendor advisories and patch information. Affected products include: Amcrest 1080-Lite 8Ch Firmware, Amcrest 1080-Lite 8Ch, Amcrest Amdv10814-H5 Firmware, Amcrest Amdv10814-H5, Amcrest Ipm-721 Firmware.