cvebase

Amcrest IPM-721S Firmware vulnerabilities

6 known vulnerabilities affecting amcrest/ipm-721s_firmware.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 2

Vulnerabilities

CVE-2017-8226 | P1 | CRITICAL | CVSS 9.8 | Exploited | ≤ 2.420.ac00.16.r.20160909 | 2019-07-03
CWE-798: Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem
nvd

CVE-2017-8229 | P1 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.420.ac00.16.r.20160909 | 2019-07-03
CWE-255: Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /u
nvd

CVE-2017-13719 | P2 | CRITICAL | CVSS 9.8 | vamcrest_ipc-awxx_eng_n_v2.420.ac00.17.r.20170322 | 2019-07-03
CWE-119: The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encoded in the Authorization HTTP header. However, a
nvd

CVE-2017-8227 | P3 | CRITICAL | CVSS 9.8 | ≤ 2.420.ac00.16.r.20160909 | 2019-07-03
CWE-254: Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no ac
nvd

CVE-2017-8230 | P3 | HIGH | CVSS 8.8 | ≤ 2.420.ac00.16.r.20160909 | 2019-07-03
CWE-264: On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrative interface of the device can add a new administrative use
nvd

CVE-2017-8228 | P3 | HIGH | CVSS 8.8 | ≤ 2.420.ac00.16.r.20160909 | 2019-07-03
CWE-264: Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker wh
nvd