Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi

Advisories

Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi

severity: critical
date: 12/10/2025
Affecting: IPELA Network Camera firmware < v1.88.00
CVE: CVE-2020-36885
CWE: CWE-787 Out-of-bounds Write
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-48842
Sony Firmware Download
Zero Science Lab Disclosure (ZSL-2020-5596)
Sony Product Webpage
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo