CVE-2020-25783
Description
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Accfly Wireless Security IR Camera System 720P (v3.10.73–v4.15.77) has an unauthenticated heap-based buffer overflow in CNetClientTalk::OprMsg, enabling remote code execution.
Vulnerability
An unauthenticated heap-based buffer overflow exists in the function CNetClientTalk::OprMsg during incoming message handling in Accfly Wireless Security IR Camera System 720P with firmware versions v3.10.73 through v4.15.77. The device lacks authentication, uses insecure string handling functions, and does not enable modern security mechanisms, increasing the attack surface [1].
Exploitation
An attacker on the same Wi-Fi network can send a crafted binary protocol message to trigger the overflow. Due to lack of encryption and use of a vendor proxy server, network position can be expanded via man-in-the-middle or DNS manipulation attacks to reach the device from the Internet [1]. No authentication is required.
Impact
Successful exploitation allows remote code execution as the root user, leading to full device compromise, including access to video feeds and the ability to reconfigure or disable the camera [1]. This results in complete loss of confidentiality, integrity, and availability.
Mitigation
No official fix has been released for the affected firmware versions. Users should restrict network access to the camera, ensure it is not exposed to untrusted networks, and consider replacing the device if patched firmware remains unavailable [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Accfly/Wireless Security IR Camera System 720P
- Range: >=3.10.73, <=4.15.77
Patches
No patches discovered yet.
References
- [1] github.com/tezeb/accfly/blob/master/Readme.md (mitre, x_refsource_MISC)