Detections
Analytics
Sony IPELA Network Camera Remote Stack Buffer Overflow (CVE-2020-36885)
critical Tenable OT Security Plugin ID 504872
Synopsis
The remote OT asset is affected by a vulnerability.Description
Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
http://www.nessus.org/u?f8802ac7
https://www.exploit-db.com/exploits/48842
http://www.nessus.org/u?737a5f0b
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5596.php
Plugin Details
Severity: Critical
ID: 504872
Version: 1.2
Type: remote
Family: Tenable.ot
Published: 1/2/2026
Updated: 1/5/2026
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/o:sony:snc-dh120t_firmware
Required KB Items: Tenable.ot/Sony
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/10/2025
Vulnerability Publication Date: 12/10/2025
Reference Information
CVE: CVE-2020-36885
CWE: 787