CVE-2020-9527 Information

Description

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20 after 2018-08-09 through 2020) as used by many different vendors in millions of Internet of Things devices suffers from buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer (P2P) service. This affects products marketed under the following brand names: Accfly Alptop Anlink Besdersec BOAVISION COOAU CPVAN Ctronics D3D Security Dericam Elex System Elite Security ENSTER ePGes Escam FLOUREON GENBOLT Hongjingtian (HJT) ICAMI Iegeek Jecurity Jennov KKMoon LEFTEK Loosafe Luowice Nesuniq Nettoly ProElite QZT Royallite SDETER SV3C SY2L Tenvis ThinkValue TOMLOV TPTEK WGCC and ZILINK.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://hacked.camera/ https://redprocyon.com

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8