CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-8230 – Amcrest IPM-721S Credential Disclosure / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8230
07 Jun 2019 — On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrative interface of the device can add a new administrative user to the interface using HTTP APIs provided by the device and perform all the actions as an administrative user by using that account. If the firmware versio... • https://packetstorm.news/files/id/153224 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16546
https://notcve.org/view.php?id=CVE-2018-16546
05 Sep 2018 — Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. Los dispositivos en red de Amcrest emplean la misma clave privada SSL embebida en diferentes instalaciones de cliente, lo que permite que atacantes remotos superen los mecanismos de... • https://seclists.org/bugtraq/2018/Sep/6 • CWE-798: Use of Hard-coded Credentials •