Credential Disclosure Vulnerability in Amcrest IPM-721S IP Cameras
CVE-2017-8229

9.8CRITICAL

Key Information:

Vendor

Amcrest

Status
Ipm-721s Firmware
Vendor
CVE Published:
3 July 2019

What is CVE-2017-8229?

The Amcrest IPM-721S camera is susceptible to a serious vulnerability that allows an unauthenticated attacker to obtain administrative credentials. An analysis of the firmware version V2.420.AC00.16.R reveals that critical files containing user account information are accessible without the need for authentication. By exploiting this flaw, attackers can navigate to specific URLs that expose sensitive configurations, such as account details and hashed credentials, compromising the device's security. This issue highlights the need for rigorous security practices and monitoring for potential unauthorized access.

References

https://seclists.org/bugtraq/2019/Jun/8
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153224/Amcrest-IPM-7...
x_refsource_MISC
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/ma...
x_refsource_MISC

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-8229 : Credential Disclosure Vulnerability in Amcrest IPM-721S IP Cameras