CVE-2020-5735

Name of the Vulnerable Software and Affected Versions Amcrest cameras and NVR (affected versions not specified)

Description The issue is related to a stack-based buffer overflow that can be exploited by an authenticated remote attacker over port 37777. This can lead to a device crash and potentially allow the execution of arbitrary code. The vulnerability is associated with the implementation of the automatic update method for the domain name server in the Dynamic DNS (DDNS) system of Amcrest IP camera firmware, specifically involving a buffer overflow when using command 0x62 with subcommand 0x04.

Recommendations As a temporary workaround, consider restricting access to port 37777 to minimize the risk of exploitation. Avoid using command 0x62 with subcommand 0x04 in the affected DDNS system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.