CVE-2020-15956 PoC — ACTi NVR3 Standard Server 缓冲区错误漏洞

Source

https://github.com/megamagnus/cve-2020-15956

Associated Vulnerability

Title:ACTi NVR3 Standard Server 缓冲区错误漏洞 (CVE-2020-15956)
Description:ACTi NVR3 Standard Server 3.0.12.42版本中的ActiveMediaServer.exe文件存在缓冲区错误漏洞。远程攻击者可借助格式错误的payload利用该漏洞终止应用程序。

Description

ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload.

Readme

# cve-2020-15956
ACTi NVR 2.3 Standard/Professional Server and ACTi NVR3 Standard/Professional Server allows remote unauthenticated attackers to conduct a denial of service. To exploit this vulnerability merely send a malformed authorization header payload of at least 760-bytes to the Media Server triggering a buffer overflow and application termination of ActiveMediaServer.exe.

Vulnerable versions (possibly others):
* ACTi NVR3 Standard Server V.3.0.12.42
* ACTi NVR Professional V.2.3.04.07

Expected outcome: Denial of service. Server loss.

Fixed by vendor in NVR3 V.3.0.15.50

## Running the Exploit
```
python3 cve-2020-15956.py http://address
```

![PoC GIF](poc.gif)


## Resources
https://www.acti.com/DownloadCenter

File Snapshot


 [4.0K]  /data/pocs/da11cb1dde4f264596296a15aa0786dd3b26efcd
├── [1.8K]  cve-2020-15956.py
├── [ 12M]  poc.gif
└── [ 731]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!