Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2020-24918

EPSS 13.03% · P94
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-24918

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is used for DEMO only, using it in product is a customer's behavior. Ambarella has emphasized that RTSP is DEMO only library, should NOT be used in product in our document. Because Ambarella's SDK is proprietary, we didn't publish our SDK source code in public network.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ambarella Oryx RTSP Server 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ambarella Oryx RTSP Server是美国Ambarella公司的一个应用软件。通过从高分辨率视频流中提取有价值的数据,使相机更加智能。 Ambarella Oryx RTSP Server 2020-01-07 存在缓冲区错误漏洞,该漏洞允许未经认证的攻击者可利用该漏洞发送一个精心制作的RTSP请求,带有一个长摘要认证头,以执行libamprotocol- RTSP . . o中的解析认证头()中的任意代码。1在RTSP SVC(或导致崩溃)。例如,这允许远程接管Furbo的狗相机。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-24918

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-24918

登录查看更多情报信息。

Security Blog Posts for CVE-2020-24918 (1)

Other References for CVE-2020-24918 (2)

Same Patch Batch · n/a · 2021-04-30 · 22 CVEs total

CVE-2020-77317.5 HIGHDenial of Service (DoS)
CVE-2021-319337.2 HIGHChamilo 输入验证错误漏洞
CVE-2021-31232cortex 输入验证错误漏洞
CVE-2021-31873klibc 输入验证错误漏洞
CVE-2021-31919Rust rkyv crate 安全漏洞
CVE-2021-31871klibc 输入验证错误漏洞
CVE-2021-31872klibc 输入验证错误漏洞
CVE-2021-31870klibc 输入验证错误漏洞
CVE-2021-26807Boost Connect community Galaxy Client 代码问题漏洞
CVE-2020-1721pki-core 跨站脚本漏洞
CVE-2021-20266Red Hat Package Manager 缓冲区错误漏洞
CVE-2021-28959Zoho ManageEngine Eventlog Analyzer 路径遍历漏洞
CVE-2021-31231Grafana 输入验证错误漏洞
CVE-2021-31792SuiteCRM 跨站脚本漏洞
CVE-2020-27519pritunl 安全漏洞
CVE-2021-31926CubeCoders AMP 安全漏洞
CVE-2020-18084Yzmcms 跨站脚本漏洞
CVE-2020-28943Open-xchange OX App Suite 代码问题漏洞
CVE-2020-28944Open-Xchange OX App Suite 资源管理错误漏洞
CVE-2021-31935Open-xchange OX App Suite 跨站脚本漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-24918

No comments yet

Leave a comment