CVE-2020-15956

HIGH

ACTi NVR3 Standard Server 3.0.12.42 - Unauthenticated Denial of Service via Malformed Payload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-15956. PoCs published by MegaMagnus, megamagnus.

AI-analyzed exploit summary: This PoC exploits a Denial of Service (DoS) vulnerability in ACTi NVR3 servers by sending a malformed authentication request with an oversized payload to the '/Media/UserGroup/login' endpoint. The exploit continuously sends requests to crash the target service.

Description

ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload.

Exploits (2)

exploitdb WORKING POC
by MegaMagnus · python · dos · windows
https://www.exploit-db.com/exploits/48731

This PoC exploits a Denial of Service (DoS) vulnerability in ACTi NVR3 servers by sending a malformed authentication request with an oversized payload to the '/Media/UserGroup/login' endpoint. The exploit continuously sends requests to crash the target service.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ACTi NVR3 Standard or Professional Server 3.0.12.42, V.2.3.04.07
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 5 stars
by megamagnus · poc
https://github.com/megamagnus/cve-2020-15956

This PoC exploits a buffer overflow vulnerability in ACTi NVR servers by sending a malformed 760-byte authorization header to the Media Server, causing a denial of service (DoS) by crashing ActiveMediaServer.exe. The exploit is straightforward and repeatedly sends the payload to maintain the DoS condition.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ACTi NVR 2.3 Standard/Professional Server and ACTi NVR3 Standard/Professional Server (V.3.0.12.42, V.2.3.04.07)
No auth needed
Prerequisites: Network access to the target server · Python environment with the 'requests' library
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Product, Vendor Advisory x_refsource_misc
https://www2.acti.com/nvr3
Exploit, Third Party Advisory x_refsource_misc
https://github.com/megamagnus/cve-2020-15956

Scores

CVSS v3: 7.5
EPSS: 0.1052
EPSS Percentile: 95.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-120
Status: published
Products (2):
acti/nvr 2.3.04.07
acti/nvr 3.0.12.42
Published: Aug 04, 2020
Tracked Since: Feb 18, 2026