Description

A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is used for DEMO only, using it in product is a customer's behavior. Ambarella has emphasized that RTSP is DEMO only library, should NOT be used in product in our document. Because Ambarella's SDK is proprietary, we didn't publish our SDK source code in public network.

Related CPE's

a

ambarella

oryx_rtsp_server

2020-01-07

Vulnerable

References

https://github.com/Ambarella-Inc/amba-cve-info/tree/main/cve-2020-24918

https://somersetrecon.squarespace.com/blog/2021/hacking-the-furbo-part-1

ExploitThird Party Advisory

https://www.ambarella.com

Vendor Advisory

https://www.somersetrecon.com/blog

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-120

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-30T12:15:07.460

4 years ago

Last modified

2024-09-06T15:15:12.280

10 months ago