IRONSMITHINTEL
HIGHCVSS8.8
|
Actively Exploited
|CISA KEV|CVE-2020-5735|Auth: low — authenticated user|Reboot: required|Manual only

Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability

Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.

Published Apr 8, 2020 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-03 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Stack-based Buffer Overflow (CWE-121) vulnerability in Amcrest Cameras and Network Video Recorder (NVR). Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. Exploitation requires remote network access, low attack complexity, a low-privilege authenticated account, and no user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

IT Security
Running 1080-lite 8ch firmware: -; amdv10814-h5 firmware: -; ipm-721 firmware: v < v2.420.ac00.18.r.20200217; ip2m-841 firmware: v < v2.420.ac00.18.r.20200217; ip2m-841-v3 firmware: v < v2.800.0000000.6.r.200314; ip2m-853ew firmware: v < v2.623.00ac004.0.r.200316; ip2m-858w firmware: v < v2.623.00ac004.0.r.200316; ip2m-866w firmware: v < v2.623.00ac004.0.r.200316; ip2m-866ew firmware: v < v2.623.00ac004.0.r.200316; ip4m-1053ew firmware: v < v2.623.00ac004.0.r.200316; ip8m-2454ew firmware: v < v2.622.00ac000.0.r.200320; ip8m-2493eb firmware: v < v2.622.00ac000.0.r.200320; ip8m-2496eb firmware: v < v2.622.00ac000.0.r.200320; ip8m-2597e firmware: v < v2.800.00ac000.0.r.200330; ip8m-mb2546ew firmware: v < v2.622.00ac000.0.r.200320; ip8m-mt2544ew firmware: v < v2.622.00ac000.0.r.200320; ip8m-t2499ew firmware: v < v2.622.00ac000.0.r.200320; ipm-hx1 firmware: v < v2.420.ac00.18.r.20200217
Real-world incidentsWhat we've seen

Active exploitation documented in the wild. Threat-research write-up: http://packetstormsecurity.com/files/157164/Amcrest-Dahua-NVR-Camera-IP2M-841-Denial-Of-Service.html

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-5735
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5735
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2020-5735NVD