Sony IPELA Network Camera Stack Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A stack buffer overflow vulnerability has been identified in the Sony IPELA Network Camera model SNC-DH120 running firmware version 1.82.01. The flaw is in the ftpclient.cgi endpoint and allows remote attackers to execute arbitrary code. Exploitation involves sending a crafted POST request with oversized data to the FTP client functionality, which can lead to remote code execution or a denial-of-service condition.

Impact

Successful exploitation overflows a stack buffer, which can be used to execute arbitrary code on the affected device or, alternatively, to cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the ftpclient.cgi endpoint with oversized data. This can be done using a tool like curl, by including a large payload that exceeds the buffer's capacity. The request must be made to a device running the vulnerable firmware version 1.82.01.

Remediation

Users are advised to update to Sony IPELA Network Camera firmware version 1.88.00 or later, available through the Sony Professional Support Resources.
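
As an added example (not part of the original advisory and not Sony tooling), the Python script below triages a camera inventory against the versions stated above: 1.82.01 as the known-vulnerable firmware and 1.88.00 as the fixed release. The inventory records, hostnames and status labels are constructed for illustration.

```python
import re

MODEL = "SNC-DH120"            # affected model named in the advisory
KNOWN_VULNERABLE = (1, 82, 1)  # firmware 1.82.01
FIXED = (1, 88, 0)             # firmware 1.88.00 or later

_VERSION_RE = re.compile(r"^\s*[vV]?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_firmware(text):
    """Return (major, minor, patch) as ints, or None if not N.N.N."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def triage(model, firmware):
    """Classify one inventory record against the advisory."""
    if model.strip().upper() != MODEL:
        return "not-covered"      # the advisory names only SNC-DH120
    version = parse_firmware(firmware)
    if version is None:
        return "unknown-version"  # confirm on the device by hand
    if version >= FIXED:          # numeric compare: 1.9.0 < 1.88.00
        return "fixed"
    if version == KNOWN_VULNERABLE:
        return "vulnerable"
    # Below the fixed release but not the version the advisory names:
    # schedule the update rather than assuming the device is safe.
    return "update-recommended"


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("cam-lobby", "SNC-DH120", "1.82.01"),
    ("cam-dock", "SNC-DH120", "1.88.00"),
    ("cam-roof", "snc-dh120", "1.9.0"),
    ("cam-gate", "SNC-DH120", "unknown"),
    ("cam-lab", "OTHER-CAM", "1.82.01"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices reported as "unknown-version" or "update-recommended" still need follow-up, since the advisory confirms the flaw only for 1.82.01 and the fix only from 1.88.00.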

Added: Dec 10, 2025, 9:52 PM
Updated: Dec 10, 2025, 9:52 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 7.7
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.