CVE-2020-25784

Vulnerability

An unauthenticated stack-based buffer overflow exists in the function CNetClientGuard::SubOprMsg of Accfly Wireless Security IR Camera System 720P firmware versions v3.10.73 through v4.15.77 [1]. The vulnerability occurs during processing of custom protocol messages without proper bounds checking, within a codebase that makes heavy use of insecure string handling functions [1].

Exploitation

An attacker who can reach the device over the network — for example via Wi-Fi (typically behind NAT but reachable through MitM or DNS manipulation against the unencrypted vendor proxy) — can send a crafted message to trigger the overflow [1]. No authentication is required, and the device runs all services as root without modern exploit mitigations [1].

Impact

Successful exploitation leads to arbitrary code execution with full root privileges on the camera, allowing complete compromise of the device and its video feed, as well as persistent access to the network [1].

Mitigation

No fix or updated firmware version has been released as of the latest reference. The vendor has not addressed this issue publicly [1]. Users should isolate affected cameras on a separate VLAN and restrict network access to trusted hosts only, as the device is EOL or unsupported.