CVE-2020-5735

HIGH KEV

Amcrest Cameras and NVR - Authenticated Stack-based Buffer Overflow via Port 37777

Title source: llm

Exploitation Summary

CVE-2020-5735 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Jacob Baines.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in Amcrest/Dahua NVR cameras via port 37777. It authenticates using a challenge-response mechanism and triggers a crash by sending an oversized 'Protocol' command.

Description

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.

Exploits (1)

exploitdb WORKING POC

by Jacob Baines · pythondoshardware

https://www.exploit-db.com/exploits/48304

View Code ZIP pw:eip

This exploit targets a stack overflow vulnerability in Amcrest/Dahua NVR cameras via port 37777. It authenticates using a challenge-response mechanism and triggers a crash by sending an oversized 'Protocol' command.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Amcrest/Dahua NVR Camera (e.g., IP2M-841 2.420.AC00.18.R)

Auth required

Prerequisites: Network access to port 37777 · Valid credentials for authentication

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://www.tenable.com/security/research/tra-2020-20

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5735

Scores

CVSS v3 8.8

EPSS 0.3564

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-26894

CWE

CWE-121 CWE-787

Status published

Products (18)

amcrest/1080-lite_8ch_firmware

amcrest/amdv10814-h5_firmware

amcrest/ip2m-841-v3_firmware < v2.800.0000000.6.r.200314

amcrest/ip2m-841_firmware < v2.420.ac00.18.r.20200217

amcrest/ip2m-853ew_firmware < v2.623.00ac004.0.r.200316

amcrest/ip2m-858w_firmware < v2.623.00ac004.0.r.200316

amcrest/ip2m-866ew_firmware < v2.623.00ac004.0.r.200316

amcrest/ip2m-866w_firmware < v2.623.00ac004.0.r.200316

amcrest/ip4m-1053ew_firmware < v2.623.00ac004.0.r.200316

amcrest/ip8m-2454ew_firmware < v2.622.00ac000.0.r.200320

... and 8 more

Published Apr 08, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026