ID CVE-2020-5736
Summary Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.
References
Vulnerable Configurations
  • cpe:2.3:o:amcrest:1080-lite_8ch_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:1080-lite_8ch_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:1080-lite_8ch:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:1080-lite_8ch:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:amdv10814-h5_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:amdv10814-h5_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:amdv10814-h5:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:amdv10814-h5:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ipm-721_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ipm-721_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ipm-721:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ipm-721:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip2m-841_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip2m-841_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip2m-841:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip2m-841:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip2m-841-v3_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip2m-841-v3_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip2m-841-v3:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip2m-841-v3:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip2m-853ew_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip2m-853ew_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip2m-853ew:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip2m-853ew:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip2m-858w_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip2m-858w_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip2m-858w:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip2m-858w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip2m-866w_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip2m-866w_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip2m-866w:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip2m-866w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip2m-866ew_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip2m-866ew_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip2m-866ew:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip2m-866ew:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip4m-1053ew_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip4m-1053ew_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip4m-1053ew:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip4m-1053ew:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip8m-2454ew_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip8m-2454ew_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip8m-2454ew:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip8m-2454ew:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip8m-2493eb_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip8m-2493eb_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip8m-2493eb:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip8m-2493eb:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip8m-2496eb_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip8m-2496eb_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip8m-2496eb:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip8m-2496eb:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip8m-2597e_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip8m-2597e_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip8m-2597e:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip8m-2597e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip8m-mb2546ew_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip8m-mb2546ew_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip8m-mb2546ew:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip8m-mb2546ew:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip8m-mt2544ew_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip8m-mt2544ew_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip8m-mt2544ew:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip8m-mt2544ew:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ip8m-t2499ew_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ip8m-t2499ew_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ip8m-t2499ew:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ip8m-t2499ew:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amcrest:ipm-hx1_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:amcrest:ipm-hx1_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:amcrest:ipm-hx1:-:*:*:*:*:*:*:*
    cpe:2.3:h:amcrest:ipm-hx1:-:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 09-04-2020 - 20:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
refmap via4
misc https://www.tenable.com/security/research/tra-2020-20
Last major update 09-04-2020 - 20:15
Published 08-04-2020 - 13:15
Last modified 09-04-2020 - 20:15
Back to Top