CVE-2020-36885

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://pro.sony/en_NL/support-resources/snc-dh120/
https://pro.sony/en_NL/support-resources/snc-dh120/software/mpengb00000928
https://www.exploit-db.com/exploits/48842
https://www.vulncheck.com/advisories/sony-ipela-network-camera-remote-stack-buffer-overflow-via-ftpclientcgi
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php