CVE-2020-5736

moderate-risk

Published 2020-04-08

Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device.

Do I need to act?

0.73% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (18)

1080-Lite 8Ch Firmware

Amdv10814-H5 Firmware

Ipm-721 Firmware

Ip2M-841 Firmware

Ip2M-841-V3 Firmware

Ip2M-853Ew Firmware

Ip2M-858W Firmware

Ip2M-866W Firmware

Ip2M-866Ew Firmware

Ip4M-1053Ew Firmware

Ip8M-2454Ew Firmware

Ip8M-2493Eb Firmware

Ip8M-2496Eb Firmware

Ip8M-2597E Firmware

Ip8M-Mb2546Ew Firmware

Ip8M-Mt2544Ew Firmware

Ip8M-T2499Ew Firmware

Ipm-Hx1 Firmware

Affected Vendors

Amcrest

References (2)

Third Party Advisory https://www.tenable.com/security/research/tra-2020-20

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 19/34 · Moderate