Sony IPELA Network Camera (ftpclient.cgi) Remote Stack Buffer Overflow

Title: Sony IPELA Network Camera (ftpclient.cgi) Remote Stack Buffer Overflow
Advisory ID: ZSL-2020-5596
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 30.09.2020
IPELA is Sony's vision of the ultimate workplace, designed to revolutionize the way business communicates over global IP networks. IPELA products can improve the efficiency of your organization by connecting people and places with high-quality audio and video. The SNC-DH120T is an indoor tamper proof, high definition (720p) minidome network security camera with Electronic Day/Night settings, DEPA analysis and is ONVIF compliant. It supports dual streaming of H.264, MPEG-4 and JPEG at full frame-rate.
The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be exploited to cause a stack-based buffer overflow when a user issues a POST request to connect to a malicious FTP server. Successful exploitation could allow execution of arbitrary code on the affected device or cause denial of service scenario.
Sony Electronics Inc. -
Affected Version
SNC-DH120T v1.82.01
Tested On
Vendor Status
[17.09.2019] Vulnerability discovered.
[28.10.2019] Vendor contacted.
[08.05.2020] Working with the vendor.
[03.06.2020] Vendor already produced a patch for this issue long time ago.
[30.09.2020] Public security advisory released.
Vulnerability discovered by Gjoko Krstic - <>
[30.09.2020] - Initial release
[06.10.2020] - Added reference [1], [2], [3] and [4]
Zero Science Lab