Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi

Advisories

severity: critical
date: December 10, 2025
Affecting: IPELA Network Camera firmware < v1.88.00
CVE: CVE-2020-36885
CWE: CWE-787 Out-of-bounds Write
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-48842
Sony Firmware Download
Zero Science Lab Disclosure (ZSL-2020-5596)
Sony Product Webpage
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.