Sign-up

ID

VAR-202101-0210


CVE

CVE-2020-25782


TITLE

Accfly Wireless Security IR Camera 720P System  Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-015641

DESCRIPTION

An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling

Trust: 1.71

sources: NVD: CVE-2020-25782 // JVNDB: JVNDB-2020-015641 // VULMON: CVE-2020-25782

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:accflymodel:720pscope:gteversion:3.10.73

Trust: 1.0

vendor:accflymodel:720pscope:lteversion:4.15.77

Trust: 1.0

vendor:accflymodel:wireless security ir camera system 720pscope:eqversion: -

Trust: 0.8

vendor:accflymodel:wireless security ir camera system 720pscope:eqversion:accfly wireless security ir camera system 720p firmware 3.10.73 to 4.15.77

Trust: 0.8

sources: JVNDB: JVNDB-2020-015641 // NVD: CVE-2020-25782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25782
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-25782
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202101-2481
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-25782
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-25782
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-25782
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-25782
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-25782 // JVNDB: JVNDB-2020-015641 // CNNVD: CNNVD-202101-2481 // NVD: CVE-2020-25782

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015641 // NVD: CVE-2020-25782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-2481

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-2481

PATCH

title:Accfly Wireless Security IP Camera System 720P HD WiFi Smart Home Surveillance Video Cam Two Way Talk Night Vision 185° Wide Angle Motion Detectionurl:http://accfly.com/product/accfly-wireless-security-ip-camera-system-720p-hd-wifi-smart-home-surveillance-video-cam-two-way-talk-night-vision-185-wide-angle-motion-detection/

Trust: 0.8

title:accflyurl:https://github.com/tezeb/accfly

Trust: 0.1

title:PoCurl:https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2020-25782 // JVNDB: JVNDB-2020-015641

EXTERNAL IDS

db:NVDid:CVE-2020-25782

Trust: 2.6

db:JVNDBid:JVNDB-2020-015641

Trust: 0.8

db:CNNVDid:CNNVD-202101-2481

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2020-25782

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25782 // JVNDB: JVNDB-2020-015641 // CNNVD: CNNVD-202101-2481 // NVD: CVE-2020-25782

REFERENCES

url:https://github.com/tezeb/accfly/blob/master/readme.md

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-25782

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/tezeb/accfly

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25782 // JVNDB: JVNDB-2020-015641 // CNNVD: CNNVD-202101-2481 // NVD: CVE-2020-25782

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2020-25782
db:JVNDBid:JVNDB-2020-015641
db:CNNVDid:CNNVD-202101-2481
db:NVDid:CVE-2020-25782

LAST UPDATE DATE

2025-01-30T20:23:49.017000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-25782date:2021-02-01T00:00:00
db:JVNDBid:JVNDB-2020-015641date:2021-10-07T07:35:00
db:CNNVDid:CNNVD-202101-2481date:2021-02-09T00:00:00
db:NVDid:CVE-2020-25782date:2024-11-21T05:18:45.370

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-25782date:2021-01-28T00:00:00
db:JVNDBid:JVNDB-2020-015641date:2021-10-07T00:00:00
db:CNNVDid:CNNVD-202101-2481date:2021-01-27T00:00:00
db:NVDid:CVE-2020-25782date:2021-01-28T03:15:12.117