CVE-2020-36885

CriticalPublic PoC

Published: 10 December 2025

Published

10 December 2025

Modified

02 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0036 58.2th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP…

client functionality, potentially causing remote code execution or denial of service.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents stack buffer overflows by validating the size and format of POST requests to the ftpclient.cgi endpoint before processing oversized data.

SI-16 Memory Protection good match

prevent

Implements memory protections like stack canaries, ASLR, and DEP to block arbitrary code execution even if a buffer overflow occurs in ftpclient.cgi.

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of the specific stack buffer overflow flaw through Sony firmware updates, eliminating the vulnerability.

Security SummaryAI

CVE-2020-36885 is a stack buffer overflow vulnerability (CWE-787) affecting Sony IPELA Network Camera version 1.82.01, specifically in the ftpclient.cgi endpoint. The flaw arises when the FTP client functionality processes a crafted POST request containing oversized data, leading to a buffer overflow. This critical issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

Remote attackers can exploit this vulnerability without authentication or user interaction by sending a specially crafted POST request over the network to the vulnerable endpoint. Successful exploitation enables arbitrary code execution on the device or denial of service, potentially compromising the camera's functionality and allowing attackers to gain control over the affected network camera.

Advisories and references include Sony support resources for the SNC-DH120 model, such as firmware update software (mpengb00000928), a public exploit on Exploit-DB (48842), and detailed analyses from VulnCheck and Zero Science Labs (ZSL-2020-5596), which likely outline patches or mitigation steps available through Sony's updates.

Details

CWE(s): CWE-787

Affected Products

sony

snc-dh120t firmware

≤ 1.82.01

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is a remotely exploitable stack buffer overflow in a public-facing CGI endpoint (ftpclient.cgi) on a network camera, enabling unauthenticated arbitrary code execution, directly mapping to Exploit Public-Facing Application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://pro.sony/en_NL/support-resources/snc-dh120/
Broken Link · disclosure@vulncheck.com
https://pro.sony/en_NL/support-resources/snc-dh120/software/mpengb00000928
Release Notes · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/48842
Exploit, Third Party Advisory · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/sony-ipela-network-camera-remote-stack-buffer-overflow-via-ftpclientcgi
Third Party Advisory · disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php
Third Party Advisory · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/48842
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php
Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0