ID

VAR-202104-0099


CVE

CVE-2020-24918


TITLE

Ambarella Oryx RTSP Server Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2020-016666

DESCRIPTION

A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is used for DEMO only, using it in product is a customer's behavior. Ambarella has emphasized that RTSP is DEMO only library, should NOT be used in product in our document. Because Ambarella's SDK is proprietary, we didn't publish our SDK source code in public network. Ambarella Oryx RTSP Server contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a disrupted (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-24918 // JVNDB: JVNDB-2020-016666 // VULMON: CVE-2020-24918

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: ambarella, model: oryx rtsp server, scope: eq, version: 2020-01-07

Trust: 1.0

vendor: ambarella, model: oryx rtsp server, scope: eq, version: -

Trust: 0.8

vendor: ambarella, model: oryx rtsp server, scope: eq, version: 2020/01/07

Trust: 0.8

sources: JVNDB: JVNDB-2020-016666 // NVD: CVE-2020-24918

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-24918
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-24918
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-2295
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-24918
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-24918
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2020-24918
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-24918
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-24918 // JVNDB: JVNDB-2020-016666 // CNNVD: CNNVD-202104-2295 // NVD: CVE-2020-24918

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016666 // NVD: CVE-2020-24918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2295

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-2295

PATCH

title: Top Page, url: https://www.ambarella.com/

Trust: 0.8

title: furbo-research, url: https://github.com/Somerset-Recon/furbo-research

Trust: 0.1

sources: VULMON: CVE-2020-24918 // JVNDB: JVNDB-2020-016666

EXTERNAL IDS

db: NVD, id: CVE-2020-24918

Trust: 3.4

db: JVNDB, id: JVNDB-2020-016666

Trust: 0.8

db: CNNVD, id: CNNVD-202104-2295

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2020-24918

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-24918 // JVNDB: JVNDB-2020-016666 // CNNVD: CNNVD-202104-2295 // NVD: CVE-2020-24918

REFERENCES

url:https://www.somersetrecon.com/blog

Trust: 2.5

url:https://somersetrecon.squarespace.com/blog/2021/hacking-the-furbo-part-1

Trust: 2.5

url:https://www.ambarella.com

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-24918

Trust: 1.4

url:https://github.com/ambarella-inc/amba-cve-info/tree/main/cve-2020-24918

Trust: 1.0

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://github.com/somerset-recon/furbo-research

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-24918 // JVNDB: JVNDB-2020-016666 // CNNVD: CNNVD-202104-2295 // NVD: CVE-2020-24918

SOURCES

db: OTHER, id: -
db: VULMON, id: CVE-2020-24918
db: JVNDB, id: JVNDB-2020-016666
db: CNNVD, id: CNNVD-202104-2295
db: NVD, id: CVE-2020-24918

LAST UPDATE DATE

2025-01-30T21:41:33.957000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-24918, date: 2021-05-07T00:00:00
db: JVNDB, id: JVNDB-2020-016666, date: 2022-01-05T07:43:00
db: CNNVD, id: CNNVD-202104-2295, date: 2021-05-08T00:00:00
db: NVD, id: CVE-2020-24918, date: 2024-09-06T15:15:12.280

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-24918, date: 2021-04-30T00:00:00
db: JVNDB, id: JVNDB-2020-016666, date: 2022-01-05T00:00:00
db: CNNVD, id: CNNVD-202104-2295, date: 2021-04-30T00:00:00
db: NVD, id: CVE-2020-24918, date: 2021-04-30T12:15:07.460