Sign-up

ID

VAR-202101-0211


CVE

CVE-2020-25783


TITLE

Accfly Wireless Security IR Camera System 720P  Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-015642

DESCRIPTION

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling

Trust: 1.71

sources: NVD: CVE-2020-25783 // JVNDB: JVNDB-2020-015642 // VULMON: CVE-2020-25783

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:accflymodel:720pscope:gteversion:3.10.73

Trust: 1.0

vendor:accflymodel:720pscope:lteversion:4.15.77

Trust: 1.0

vendor:accflymodel:wireless security ir camera system 720pscope:eqversion: -

Trust: 0.8

vendor:accflymodel:wireless security ir camera system 720pscope:eqversion:accfly wireless security ir camera system 720p firmware 3.10.73 to 4.15.77

Trust: 0.8

sources: JVNDB: JVNDB-2020-015642 // NVD: CVE-2020-25783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25783
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-25783
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202101-2484
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-25783
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-25783
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-25783
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-25783
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-25783 // JVNDB: JVNDB-2020-015642 // CNNVD: CNNVD-202101-2484 // NVD: CVE-2020-25783

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015642 // NVD: CVE-2020-25783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-2484

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-2484

PATCH

title:Accfly Wireless Security IP Camera System 720P HD WiFi Smart Home Surveillance Video Cam Two Way Talk Night Vision 185° Wide Angle Motion Detectionurl:http://accfly.com/product/accfly-wireless-security-ip-camera-system-720p-hd-wifi-smart-home-surveillance-video-cam-two-way-talk-night-vision-185-wide-angle-motion-detection/

Trust: 0.8

title:accflyurl:https://github.com/tezeb/accfly

Trust: 0.1

sources: VULMON: CVE-2020-25783 // JVNDB: JVNDB-2020-015642

EXTERNAL IDS

db:NVDid:CVE-2020-25783

Trust: 2.6

db:JVNDBid:JVNDB-2020-015642

Trust: 0.8

db:CNNVDid:CNNVD-202101-2484

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2020-25783

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25783 // JVNDB: JVNDB-2020-015642 // CNNVD: CNNVD-202101-2484 // NVD: CVE-2020-25783

REFERENCES

url:https://github.com/tezeb/accfly/blob/master/readme.md

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-25783

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/tezeb/accfly

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195777

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25783 // JVNDB: JVNDB-2020-015642 // CNNVD: CNNVD-202101-2484 // NVD: CVE-2020-25783

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2020-25783
db:JVNDBid:JVNDB-2020-015642
db:CNNVDid:CNNVD-202101-2484
db:NVDid:CVE-2020-25783

LAST UPDATE DATE

2025-01-30T19:36:35.084000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-25783date:2021-02-01T00:00:00
db:JVNDBid:JVNDB-2020-015642date:2021-10-07T07:35:00
db:CNNVDid:CNNVD-202101-2484date:2021-02-09T00:00:00
db:NVDid:CVE-2020-25783date:2024-11-21T05:18:45.570

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-25783date:2021-01-28T00:00:00
db:JVNDBid:JVNDB-2020-015642date:2021-10-07T00:00:00
db:CNNVDid:CNNVD-202101-2484date:2021-01-27T00:00:00
db:NVDid:CVE-2020-25783date:2021-01-28T03:15:12.197