Vulnerability Details CVE-2020-36885
Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.2%
CVSS Severity
CVSS v3 Score 9.8
References
- https://pro.sony/en_NL/support-resources/snc-dh120/
- https://pro.sony/en_NL/support-resources/snc-dh120/software/mpengb00000928
- https://www.exploit-db.com/exploits/48842
- https://www.vulncheck.com/advisories/sony-ipela-network-camera-remote-stack-buffer-overflow-via-ftpclientcgi
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php
- https://www.exploit-db.com/exploits/48842
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php
Products affected by CVE-2020-36885
-
cpe:2.3:h:sony:snc-dh120t:-
-
cpe:2.3:o:sony:snc-dh120t_firmware:*