CVE-2020-2501

CRITICAL

QNAP Surveillance Station < 5.1.5.3.3 - Stack-based Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-2501. PoCs published by Alonzozzz.

AI-analyzed exploit summary: This repository contains a README.md file listing various CVEs, including CVE-2020-2501, but does not provide any exploit code or technical details. It appears to be a placeholder or informal changelog rather than a functional PoC.

Description

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions:

Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS)
Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)

Exploits (1)

nomisec WRITEUP 1 stars
by Alonzozzz · poc
https://github.com/Alonzozzz/alonzzzo

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: multiple (Dahua, DAP-2020, TP-Link, QNAP, Cisco, DGN2200v1)
No auth needed
Prerequisites: none
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Vendor Advisory x_refsource_misc
https://www.qnap.com/en/security-advisory/qsa-21-07

Scores

CVSS v3 9.8
EPSS 0.0294
EPSS Percentile 85.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-121, CWE-787
Status published
Products (1)
qnap/surveillance_station < 5.1.5.3.3
Published Feb 17, 2021
Tracked Since Feb 18, 2026