CVE-2020-25782

CRITICAL

Accfly 720p_firmware 3.10.73-4.15.77 - Stack-Based Buffer Overflow in CNetClientManage::ServerIP_Proto_Set

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25782. PoCs published by tezeb.

AI-analyzed exploit summary This repository documents multiple vulnerabilities (CVE-2020-25782, CVE-2020-25783, CVE-2020-25784, CVE-2020-25785) in the Accfly Wireless Security Camera, including unauthenticated buffer overflows leading to RCE. The writeup details the lack of authentication, insecure string handling, and proprietary protocol flaws.

Description

An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.

Exploits (1)

nomisec WRITEUP 3 stars
by tezeb · poc
https://github.com/tezeb/accfly

This repository documents multiple vulnerabilities (CVE-2020-25782, CVE-2020-25783, CVE-2020-25784, CVE-2020-25785) in the Accfly Wireless Security Camera, including unauthenticated buffer overflows leading to RCE. The writeup details the lack of authentication, insecure string handling, and proprietary protocol flaws.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Accfly Wireless Security Camera (V3.10.73, V4.15.77)
No auth needed
Prerequisites: Network access to the device · Knowledge of proprietary binary protocol
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://github.com/tezeb/accfly/blob/master/Readme.md

Scores

CVSS v3 9.8
EPSS 0.0294
EPSS Percentile 85.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
accfly/720p_firmware 3.10.73 - 4.15.77
Published Jan 28, 2021
Tracked Since Feb 18, 2026