CVE-2020-24918

9.8 CRITICAL

📋 TL;DR

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code or cause denial-of-service via a buffer overflow in the RTSP service of Ambarella's Oryx RTSP Server. It affects products like the Furbo Dog Camera that use this vulnerable library. The vendor states the RTSP library was intended for demonstration purposes only.

💻 Affected Systems

Products:
  • Furbo Dog Camera
  • Other devices using Ambarella Oryx RTSP Server library
Versions: Ambarella Oryx RTSP Server 2020-01-07 and likely earlier versions
Operating Systems: Embedded Linux systems using Ambarella chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor states RTSP library was for DEMO only; using it in products is customer's responsibility.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete remote takeover of affected devices, enabling persistent access, data theft, and use in botnets.

🟠

Likely Case

Remote code execution leading to device compromise, surveillance feed interception, or device bricking.

🟢

If Mitigated

Denial-of-service crash if exploit fails or controls limit impact.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication via RTSP protocol.
🏢 Internal Only: MEDIUM - Still exploitable on internal networks but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available; used against Furbo Dog Camera in real attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified by vendor

Vendor Advisory: https://github.com/Ambarella-Inc/amba-cve-info/tree/main/cve-2020-24918

Instructions:

No official patch. Vendor recommends not using the RTSP library in production. Contact device manufacturers for firmware updates.

🔧 Temporary Workarounds

Disable RTSP Service

Platform: all

Disable the vulnerable RTSP service if not required for functionality.

Specific commands depend on the device firmware; check the manufacturer's documentation.

Network Segmentation

Platform: linux

Isolate affected devices in separate network segments with strict firewall rules.

iptables -A INPUT -p tcp --dport 554 -j DROP     # on the Linux host itself: drop inbound RTSP
iptables -A FORWARD -p tcp --dport 554 -j DROP   # on a Linux gateway: drop RTSP forwarded into the camera segment
ufw deny 554/tcp                                 # equivalent on ufw-managed hosts

🧯 If You Can't Patch

  • Segment affected devices on isolated VLANs with no internet access
  • Implement strict network ACLs blocking RTSP port 554 from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check if device uses Ambarella Oryx RTSP Server 2020-01-07 or earlier. Test with crafted RTSP request containing long digest authentication header.

Check Version:

Device-specific; check the manufacturer's firmware version or the system logs for the RTSP library version.

Verify Fix Applied:

Verify RTSP service is disabled or device firmware has been updated by manufacturer.

📡 Detection & Monitoring

Log Indicators:

  • Unusual RTSP authentication failures
  • RTSP service crashes
  • Long authentication headers in RTSP requests

Network Indicators:

  • RTSP traffic with unusually long authentication headers
  • Exploit attempts on port 554

SIEM Query:

dest_port=554 AND (http_user_agent CONTAINS "RTSP" OR protocol="RTSP") AND (url_length > 1000 OR header_length > 500)

(Inbound requests to the RTSP service carry 554 as the destination port. Field names are generic; map them to your SIEM's schema.)
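As an added detection example (not part of this advisory, and not Ambarella's or Furbo's code), the following Python parses raw RTSP requests and flags those whose request URL or Authorization header exceeds the length thresholds used in the SIEM query above (URL > 1000, header > 500). The sample requests, the host name camera.example.internal, the Digest field values and the function names are all constructed for illustration; the thresholds should be tuned to what your own cameras legitimately send.

```python
"""Flag RTSP requests with abnormally long request URLs or Authorization
headers, the network indicator listed for CVE-2020-24918 probes.

Added detection example; not code from the advisory or from Ambarella/Furbo.
Thresholds mirror the SIEM query on the page (url_length > 1000,
header_length > 500).
"""

URL_LEN_THRESHOLD = 1000      # from the page's SIEM query
HEADER_LEN_THRESHOLD = 500    # from the page's SIEM query


def parse_rtsp_request(raw: bytes):
    """Return (method, url, version, headers) for one RTSP request.

    Parses only the request line and header block; a body (e.g. from
    SET_PARAMETER) is discarded. Accepts CRLF or bare LF line endings.
    Header names are lower-cased. Raises ValueError for non-RTSP input.
    """
    text = raw.decode("latin-1").replace("\r\n", "\n")   # header bytes are ASCII; latin-1 never raises
    head = text.split("\n\n", 1)[0]                      # drop anything after the blank line
    lines = head.split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3 or not parts[2].startswith("RTSP/"):
        raise ValueError("not an RTSP request line: %r" % lines[0][:80])
    method, url, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")          # first colon only; values may contain ':'
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return method, url, version, headers


def classify_request(raw: bytes) -> dict:
    """Score one RTSP request against the length indicators.

    Returns measured lengths plus a list of reason tags; 'suspicious' is
    True when any threshold is exceeded.
    """
    method, url, _version, headers = parse_rtsp_request(raw)
    auth = headers.get("authorization", "")
    reasons = []
    if len(url) > URL_LEN_THRESHOLD:
        reasons.append("long_request_url")
    if len(auth) > HEADER_LEN_THRESHOLD:
        reasons.append("long_authorization_header")
    return {
        "method": method,
        "url_len": len(url),
        "auth_len": len(auth),
        "longest_header_len": max((len(v) for v in headers.values()), default=0),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def scan_requests(requests):
    """Return (index, classification) pairs for requests that trip an indicator."""
    hits = []
    for i, raw in enumerate(requests):
        try:
            result = classify_request(raw)
        except ValueError:
            continue                      # not RTSP; nothing to score here
        if result["suspicious"]:
            hits.append((i, result))
    return hits


# --- constructed sample requests (not real captures) -----------------------
_HOST = "camera.example.internal"         # placeholder host name


def _digest_auth(username: str) -> str:
    """Build a syntactically plausible Digest credential (all values made up)."""
    return (f'Digest username="{username}", realm="oryx", nonce="0123456789abcdef", '
            f'uri="rtsp://{_HOST}:554/stream", response="31d6cfe0d16ae931b73c59d7e0c089c0"')


# A benign DESCRIBE with a normal-sized Digest credential.
NORMAL_REQUEST = (
    f"DESCRIBE rtsp://{_HOST}:554/stream RTSP/1.0\r\n"
    "CSeq: 2\r\n"
    f"Authorization: {_digest_auth('viewer')}\r\n"
    "User-Agent: example-client/1.0\r\n"
    "\r\n"
).encode()

# The same request with the username field padded to 2000 characters.
LONG_AUTH_REQUEST = (
    f"DESCRIBE rtsp://{_HOST}:554/stream RTSP/1.0\r\n"
    "CSeq: 2\r\n"
    f"Authorization: {_digest_auth('A' * 2000)}\r\n"
    "\r\n"
).encode()

# An OPTIONS request whose URL path is padded past the 1000-character threshold.
LONG_URL_REQUEST = (
    f"OPTIONS rtsp://{_HOST}:554/" + "x" * 1100 + " RTSP/1.0\r\n"
    "CSeq: 1\r\n"
    "\r\n"
).encode()


if __name__ == "__main__":
    for idx, res in scan_requests([NORMAL_REQUEST, LONG_AUTH_REQUEST, LONG_URL_REQUEST]):
        print(f"request #{idx}: {res['method']} flagged for {', '.join(res['reasons'])} "
              f"(url_len={res['url_len']}, auth_len={res['auth_len']})")
```

Run against requests reassembled from a packet capture or from a proxy in front of the camera segment; the benign sample passes, while the two padded samples are reported with the matching reason tag. Header length is measured on the value only, so a legitimately long but fixed-size Digest credential will not trip the check unless the threshold is set below what clients normally send.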

🔗 References
