What is CVE-2020-5735?

A high-severity stack-based buffer overflow vulnerability exists in Amcrest cameras and NVR, allowing remote attackers to potentially execute arbitrary code. Organizations must prioritize patching to mitigate risks effectively.

What is the severity of CVE-2020-5735?

CVE-2020-5735 has a severity rating of HIGH with a CVSS base score of 8.8.

Is CVE-2020-5735 in CISA KEV?

Yes. CVE-2020-5735 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2020-5735 | High Vulnerability in Amcrest Cameras and NVR

CVE-2020-5735 describes a high-severity vulnerability affecting Amcrest cameras and Network Video Recorders (NVR). This vulnerability allows for a stack-based buffer overflow over port 37777, which can be exploited by an authenticated remote attacker. By leveraging this vulnerability, an attacker can crash the device and potentially execute arbitrary code. With a CVSS score of 8.8, this vulnerability signifies a critical risk to organizations that utilize Amcrest products.

The urgency for organizations to address this vulnerability is high. Immediate action is crucial to prevent exploitation, as attackers may leverage this flaw to gain unauthorized access or disrupt services. Organizations utilizing these devices should prioritize patching this vulnerability to mitigate potential risks.

As of now, the vulnerability has been analyzed and is known to be actively exploited in the wild. Organizations are advised to review their existing security measures and ensure that all necessary updates are applied to safeguard their systems.

Given the severity of this vulnerability, organizations must act swiftly to implement the necessary patches and updates. Delaying remediation could result in significant security breaches and operational disruptions.

Vulnerability Details

This vulnerability allows for a stack-based buffer overflow, which can be triggered remotely over port 37777. The vulnerability affects multiple firmware versions across various Amcrest camera models, posing a substantial risk to confidentiality, integrity, and availability. The CVSS score of 8.8 indicates a high severity level, necessitating immediate action from affected organizations.

Technical Analysis

The root cause of the vulnerability is a stack-based buffer overflow, which occurs due to improper handling of input data. This vulnerability can be exploited through the network, with low attack complexity and requiring only low privileges for exploitation. No user interaction is necessary, and the impact on confidentiality, integrity, and availability is significant.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access, data breaches, and service disruptions. The blast radius is considerable, as the vulnerability affects a range of Amcrest products. Organizations should assess their exposure and take immediate steps to mitigate risks, including reviewing the deployment of affected devices and ensuring they are updated.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The following Amcrest camera firmware versions are affected: 1080-lite_8ch_firmware, amdv10814-h5_firmware, ipm-721_firmware, ip2m-841_firmware, ip2m-841-v3_firmware, ip2m-853ew_firmware, ip2m-858w_firmware, ip2m-866w_firmware, ip2m-866ew_firmware, ip4m-1053ew_firmware, ip8m-2454ew_firmware, ip8m-2493eb_firmware, ip8m-2496eb_firmware, ip8m-2597e_firmware, ip8m-mb2546ew_firmware, ip8m-mt2544ew_firmware, ip8m-t2499ew_firmware, and ipm-hx1_firmware.

Mitigation & Remediation

Organizations should apply updates as per vendor instructions to mitigate this vulnerability. It is essential to monitor for any anomalies in the behavior of affected devices and consider implementing network controls to limit exposure. Regular security assessments, such as penetration testing, can help identify vulnerabilities and improve overall security posture.

Detection Guidance

Security teams should monitor logs for indicators of exploitation attempts, such as unusual traffic patterns on port 37777. Behavioral anomalies, unexpected device crashes, or unauthorized access attempts should also be investigated promptly.

AppSecure Threat Intelligence Insight

The significance of CVE-2020-5735 lies in its representation of the vulnerabilities found in IoT devices. As the adoption of smart technologies increases, so does the necessity for robust security measures. Security teams must engage in proactive monitoring and patch management to mitigate risks associated with vulnerabilities. Organizations can benefit from insights gained through vulnerability management programs and penetration testing methodologies to strengthen their security posture against potential threats.

Furthermore, organizations should stay updated on emerging threats and engage in continuous security testing to identify vulnerabilities proactively. By fostering a culture of security awareness and implementing best practices, organizations can better defend against vulnerabilities such as CVE-2020-5735.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2020-5735: High Vulnerability in Amcrest Cameras and NVR