CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12984 – Amcrest IP2M-841B Web Interface webCapsConfig information disclosure
https://notcve.org/view.php?id=CVE-2024-12984
27 Dec 2024 — A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 36EXPL: 2CVE-2020-5735 – Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-5735
08 Apr 2020 — Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. Las cámaras y NVR Amcrest , son vulnerables a un desbordamiento del búfer en la región stack de la memoria sobre el puerto 37777. Un atacante remoto autenticado puede abusar de este problema para bloquear el dispositivo y posiblemente ejecutar código arbitrario. Amcrest cameras and NVR contain a stack-based buf... • https://www.exploit-db.com/exploits/48304 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 36EXPL: 0CVE-2020-5736
https://notcve.org/view.php?id=CVE-2020-5736
08 Apr 2020 — Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can abuse this issue to crash the device. Las cámaras y NVR Amcrest , son vulnerables a una desreferencia del puntero null sobre el puerto 37777. Un atacante remoto autenticado puede abusar de este problema para bloquear el dispositivo. • https://www.tenable.com/security/research/tra-2020-20 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7222
https://notcve.org/view.php?id=CVE-2020-7222
17 Jan 2020 — An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them). Se detectó un problema en Amcrest Web Server versión 2.520.AC00.18.R 2017-06-29 WEB versión 3.2.1.453504. La página de inicio de sesión responde con JavaScript cu... • https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 3%CPEs: 13EXPL: 3CVE-2019-3948 – Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
https://notcve.org/view.php?id=CVE-2019-3948
29 Jul 2019 — The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote pe... • https://www.exploit-db.com/exploits/47188 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-13719 – Amcrest IPM-721S Credential Disclosure / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-13719
07 Jun 2019 — The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encoded in the Authorization HTTP header. However, a missing length check in the code allows an attacker to send a string of 1024 characters in the password field, and allows an attacker to exploit a memory corruptio... • http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2017-8226 – Amcrest IPM-721S Credential Disclosure / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8226
07 Jun 2019 — Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default crede... • http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8230 – Amcrest IPM-721S Credential Disclosure / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8230
07 Jun 2019 — On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrative interface of the device can add a new administrative user to the interface using HTTP APIs provided by the device and perform all the actions as an administrative user by using that account. If the firmware versio... • http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8227 – Amcrest IPM-721S Credential Disclosure / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8227
07 Jun 2019 — Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware ver... • http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 1CVE-2017-8228 – Amcrest IPM-721S Credential Disclosure / Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8228
07 Jun 2019 — Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user's camera to an attacker's cloud account and control it completely. This is possible in case of any camer... • http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html • CWE-264: Permissions, Privileges, and Access Controls •