Amcrest cameras和NVR 缓冲区错误漏洞
CVE编号
CVE-2020-5735利用情况
暂无补丁情况
N/A披露时间
2020-04-09漏洞描述
Amcrest摄像机和NVR容易受到端口37777上基于堆栈的缓冲区溢出的攻击。经过身份验证的远程攻击者可以滥用此问题使设备崩溃,并可能执行任意代码。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841... | |
| https://www.tenable.com/security/research/tra-2020-20 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | amcrest | 1080-lite_8ch_firmware | - | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | amdv10814-h5_firmware | - | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip2m-841-v3_firmware | * | Up to (excluding) v2.800.0000000.6.r.200314 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip2m-841_firmware | * | Up to (excluding) v2.420.ac00.18.r.20200217 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip2m-853ew_firmware | * | Up to (excluding) v2.623.00ac004.0.r.200316 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip2m-858w_firmware | * | Up to (excluding) v2.623.00ac004.0.r.200316 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip2m-866ew_firmware | * | Up to (excluding) v2.623.00ac004.0.r.200316 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip2m-866w_firmware | * | Up to (excluding) v2.623.00ac004.0.r.200316 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip4m-1053ew_firmware | * | Up to (excluding) v2.623.00ac004.0.r.200316 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip8m-2454ew_firmware | * | Up to (excluding) v2.622.00ac000.0.r.200320 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip8m-2493eb_firmware | * | Up to (excluding) v2.622.00ac000.0.r.200320 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip8m-2496eb_firmware | * | Up to (excluding) v2.622.00ac000.0.r.200320 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip8m-2597e_firmware | * | Up to (excluding) v2.800.00ac000.0.r.200330 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip8m-mb2546ew_firmware | * | Up to (excluding) v2.622.00ac000.0.r.200320 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip8m-mt2544ew_firmware | * | Up to (excluding) v2.622.00ac000.0.r.200320 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ip8m-t2499ew_firmware | * | Up to (excluding) v2.622.00ac000.0.r.200320 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ipm-721_firmware | * | Up to (excluding) v2.420.ac00.18.r.20200217 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amcrest | ipm-hx1_firmware | * | Up to (excluding) v2.420.ac00.18.r.20200217 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | 1080-lite_8ch | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | amdv10814-h5 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip2m-841 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip2m-841-v3 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip2m-853ew | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip2m-858w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip2m-866ew | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip2m-866w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip4m-1053ew | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip8m-2454ew | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip8m-2493eb | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip8m-2496eb | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip8m-2597e | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip8m-mb2546ew | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip8m-mt2544ew | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ip8m-t2499ew | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ipm-721 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | amcrest | ipm-hx1 | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 低
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-787 | 跨界内存写 |
Exp相关链接
- avd.aliyun.com
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论