PT-2021-11087 · Ambarella · Ambarella Oryx RTSP Server

Published: 2021-04-30 · Updated: 2024-09-06 · CVE-2020-24918

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Ambarella Oryx RTSP Server version 2020-01-07
Description: A buffer overflow exists in the RTSP service. An unauthenticated attacker can send a crafted RTSP request carrying an over-long digest authentication header; the overflow occurs in the parse_authentication_header() function in libamprotocol-rtsp.so.1 within rtsp_svc and can lead to arbitrary code execution or a crash, potentially enabling remote takeover of devices such as the Furbo Dog Camera.
Recommendations: For Ambarella Oryx RTSP Server version 2020-01-07, consider disabling the RTSP service until a patch is available; the vendor states that it is for DEMO purposes only and not intended for use in production products. Restrict which clients can reach the RTSP service, and therefore the parse_authentication_header() code path, to reduce the risk of exploitation. Do not use the RTSP library in production environments, in line with the vendor's guidance that it should not be used in products.
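The defect described above is a digest authentication header value that is longer than the buffer the parser copies it into. The following C example is added here and is not the Ambarella library's own code: the advisory does not show the real parser or its buffer sizes, so the function name parse_authentication_header_safe, the limits DIGEST_FIELD_MAX and DIGEST_HEADER_MAX, and the sample headers are all constructed for illustration. It shows the defensive pattern a fix would follow: bound the whole header and every field against a fixed capacity before any byte is copied, and treat an over-long value as a protocol error rather than truncating or overflowing.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative limits; the real library's buffer sizes are not stated in the advisory. */
#define DIGEST_FIELD_MAX  128
#define DIGEST_HEADER_MAX 1024

struct digest_params {
    char username[DIGEST_FIELD_MAX];
    char realm[DIGEST_FIELD_MAX];
    char nonce[DIGEST_FIELD_MAX];
    char uri[DIGEST_FIELD_MAX];
    char response[DIGEST_FIELD_MAX];
};

/* Copy exactly len bytes into dst[cap]. A value that does not fit is an error,
 * never a silent truncation and never a write past the end of the buffer. */
static int bounded_copy(char *dst, size_t cap, const char *src, size_t len)
{
    if (len >= cap)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse one key="value" pair at *p and advance *p past it. Returns 0 on success
 * (or when only trailing separators remain), -1 on malformed input or on a
 * value longer than its destination buffer. Only quoted values are accepted. */
static int parse_pair(const char **p, struct digest_params *out)
{
    const char *s = *p;
    while (*s == ' ' || *s == ',' || *s == '\r' || *s == '\n')
        s++;
    if (*s == '\0') {
        *p = s;
        return 0;
    }
    const char *key = s;
    while (*s && *s != '=')
        s++;
    if (*s != '=')
        return -1;
    size_t klen = (size_t)(s - key);
    s++;
    if (*s != '"')
        return -1;
    s++;
    const char *val = s;
    while (*s && *s != '"')
        s++;
    if (*s != '"')
        return -1;
    size_t vlen = (size_t)(s - val);
    s++;

    char *dst = NULL;
    if (klen == 8 && memcmp(key, "username", 8) == 0)      dst = out->username;
    else if (klen == 5 && memcmp(key, "realm", 5) == 0)    dst = out->realm;
    else if (klen == 5 && memcmp(key, "nonce", 5) == 0)    dst = out->nonce;
    else if (klen == 3 && memcmp(key, "uri", 3) == 0)      dst = out->uri;
    else if (klen == 8 && memcmp(key, "response", 8) == 0) dst = out->response;
    /* Unknown keys are skipped; known keys must fit their buffer. */
    if (dst && bounded_copy(dst, DIGEST_FIELD_MAX, val, vlen) != 0)
        return -1;
    *p = s;
    return 0;
}

/* Hypothetical hardened counterpart to the advisory's parse_authentication_header():
 * the header length is checked before parsing, and each field before copying. */
int parse_authentication_header_safe(const char *line, struct digest_params *out)
{
    static const char prefix[] = "Authorization: Digest ";
    memset(out, 0, sizeof *out);
    if (strlen(line) > DIGEST_HEADER_MAX)
        return -1;
    if (strncmp(line, prefix, sizeof prefix - 1) != 0)
        return -1;
    const char *p = line + (sizeof prefix - 1);
    while (*p)
        if (parse_pair(&p, out) != 0)
            return -1;
    return 0;
}

/* Constructed well-formed header: parses and the fields are recovered. */
int demo_valid_header_parsed(void)
{
    struct digest_params dp;
    const char *hdr = "Authorization: Digest username=\"viewer\", realm=\"oryx\", "
                      "nonce=\"0123abcd\", uri=\"rtsp://192.0.2.10/stream\", "
                      "response=\"6629fae49393a05397450978507c4ef1\"";
    if (parse_authentication_header_safe(hdr, &dp) != 0)
        return 0;
    return strcmp(dp.username, "viewer") == 0 && strcmp(dp.realm, "oryx") == 0;
}

/* Constructed header whose username exceeds DIGEST_FIELD_MAX: rejected, nothing copied. */
int demo_overlong_header_rejected(void)
{
    struct digest_params dp;
    char hdr[DIGEST_HEADER_MAX + 64];
    size_t n = (size_t)snprintf(hdr, sizeof hdr, "Authorization: Digest username=\"");
    memset(hdr + n, 'A', DIGEST_FIELD_MAX + 100);
    n += DIGEST_FIELD_MAX + 100;
    snprintf(hdr + n, sizeof hdr - n, "\", realm=\"oryx\"");
    return parse_authentication_header_safe(hdr, &dp) != 0;
}

int main(void)
{
    printf("valid header parsed: %d\n", demo_valid_header_parsed());
    printf("over-long header rejected: %d\n", demo_overlong_header_rejected());
    return 0;
}
```

The two checks are deliberately separate: the whole-header limit stops a request from being parsed at all when it is unreasonably large, and the per-field limit catches a single oversized value inside an otherwise normal-sized header. Rejecting with an error (an RTSP 400 or 401 in a real server) rather than truncating keeps the parsed credentials from silently differing from what the client sent.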

Exploit

Fix

Weakness Enumeration: Buffer Overflow

Related Identifiers: CVE-2020-24918

Affected Products: Ambarella Oryx RTSP Server, libamprotocol-rtsp.so.1