CVE-2020-25782

Vulnerability

A stack-based buffer overflow exists in the function CNetClientManage::ServerIP_Proto_Set within the firmware of Accfly Wireless Security IR Camera 720P System, a proprietary binary protocol handler. The affected software versions range from v3.10.73 through v4.15.77. The vulnerability is reachable when the device receives a crafted message over the network; the device does not enforce any authentication [1].

Exploitation

An attacker with network access to the camera (typically within the same WiFi network, but potentially extended via MitM or DNS manipulation that bypasses NAT [1]) can send a specially crafted packet to the vulnerable function. No authentication or user interaction is required. The stack-based buffer overflow is triggered during incoming message handling, allowing the attacker to overwrite the stack [1].

Impact

Successful exploitation yields arbitrary code execution on the device with root privileges. This can lead to full compromise of the camera, enabling an attacker to access the video feed, manipulate device configuration, or render the device unusable [1].

Mitigation

As of the latest available reference [1], no official firmware patch has been released. The vendor has not responded to disclosure attempts. Users should isolate the camera on a separate network segment, block external access, and consider replacing the device if no update becomes available.