CVE-2020-25785
Description
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated stack buffer overflow in the FTP login function of Accfly camera firmware (v3.10.73 to v4.15.77) allows remote code execution on the device.
Vulnerability
The vulnerability is a stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the firmware update procedure. It affects Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. No authentication is required to trigger the vulnerable code path [1].
Exploitation
An attacker who can reach the device over the network (potential attack vectors include MitM or DNS manipulation due to lack of encryption and use of vendor proxy) can send a crafted login request to the FTP service. The absence of authentication simplifies exploitation, as no credentials are needed [1].
Impact
Successful exploitation allows arbitrary code execution with root privileges, giving the attacker full control over the camera, including access to the video feed and device reconfiguration. This compromises the confidentiality, integrity, and availability of the device [1].
Mitigation
No official fix has been released for this vulnerability as of the publication date. The reference notes that the device firmware is riddled with security issues, and no workaround is available. Users should consider replacing the device or implementing network-level restrictions to limit exposure [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Accfly/Wireless Security IR Camera System 720Pdescription
- Range: v3.10.73 through v4.15.77
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/tezeb/accfly/blob/master/Readme.mdmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.