CVE-2024-12984
Vulnerability from cvelistv5
Published
2024-12-27 14:31
Modified
2024-12-27 14:53
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
cna@vuldb.comhttps://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4
cna@vuldb.comhttps://vuldb.com/?ctiid.289377
cna@vuldb.comhttps://vuldb.com/?id.289377
cna@vuldb.comhttps://vuldb.com/?submit.461109
Impacted products
Vendor Product Version
Amcrest IP2M-841B Version: 20241211
 Create a notification for this product.
   Amcrest IP2M-841W Version: 20241211
 Create a notification for this product.
   Amcrest IPC-IP2M-841B Version: 20241211
 Create a notification for this product.
   Amcrest IPC-IP3M-943B Version: 20241211
 Create a notification for this product.
   Amcrest IPC-IP3M-943S Version: 20241211
 Create a notification for this product.
   Amcrest IPC-IP3M-HX2B Version: 20241211
 Create a notification for this product.
   Amcrest IPC-IPM-721S Version: 20241211
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12984",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-27T14:53:30.364152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-27T14:53:46.976Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Interface"
          ],
          "product": "IP2M-841B",
          "vendor": "Amcrest",
          "versions": [
            {
              "status": "affected",
              "version": "20241211"
            }
          ]
        },
        {
          "modules": [
            "Web Interface"
          ],
          "product": "IP2M-841W",
          "vendor": "Amcrest",
          "versions": [
            {
              "status": "affected",
              "version": "20241211"
            }
          ]
        },
        {
          "modules": [
            "Web Interface"
          ],
          "product": "IPC-IP2M-841B",
          "vendor": "Amcrest",
          "versions": [
            {
              "status": "affected",
              "version": "20241211"
            }
          ]
        },
        {
          "modules": [
            "Web Interface"
          ],
          "product": "IPC-IP3M-943B",
          "vendor": "Amcrest",
          "versions": [
            {
              "status": "affected",
              "version": "20241211"
            }
          ]
        },
        {
          "modules": [
            "Web Interface"
          ],
          "product": "IPC-IP3M-943S",
          "vendor": "Amcrest",
          "versions": [
            {
              "status": "affected",
              "version": "20241211"
            }
          ]
        },
        {
          "modules": [
            "Web Interface"
          ],
          "product": "IPC-IP3M-HX2B",
          "vendor": "Amcrest",
          "versions": [
            {
              "status": "affected",
              "version": "20241211"
            }
          ]
        },
        {
          "modules": [
            "Web Interface"
          ],
          "product": "IPC-IPM-721S",
          "vendor": "Amcrest",
          "versions": [
            {
              "status": "affected",
              "version": "20241211"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "netsecfish (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S bis 20241211 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /web_caps/webCapsConfig der Komponente Web Interface. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-27T14:31:05.483Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-289377 | Amcrest IP2M-841B Web Interface webCapsConfig information disclosure",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.289377"
        },
        {
          "name": "VDB-289377 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.289377"
        },
        {
          "name": "Submit #461109 | Amcrest IP2M-841W, IPC-IP3M-HX2B, IPC-IP2M-841B, IPC-IPM-721S, IPC-IP3M-943B, IPC-IP3M-943S, IP2M-841B  N/A Information Disclosure",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.461109"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-12-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-12-27T08:54:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Amcrest IP2M-841B Web Interface webCapsConfig information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-12984",
    "datePublished": "2024-12-27T14:31:05.483Z",
    "dateReserved": "2024-12-27T07:49:43.408Z",
    "dateUpdated": "2024-12-27T14:53:46.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-12984\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2024-12-27T15:15:11.957\",\"lastModified\":\"2024-12-27T15:15:11.957\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"LOW\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"NONE\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.289377\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.289377\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.461109\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12984\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-27T14:53:30.364152Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-27T14:53:42.517Z\"}}], \"cna\": {\"title\": \"Amcrest IP2M-841B Web Interface webCapsConfig information disclosure\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"netsecfish (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"Amcrest\", \"modules\": [\"Web Interface\"], \"product\": \"IP2M-841B\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241211\"}]}, {\"vendor\": \"Amcrest\", \"modules\": [\"Web Interface\"], \"product\": \"IP2M-841W\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241211\"}]}, {\"vendor\": \"Amcrest\", \"modules\": [\"Web Interface\"], \"product\": \"IPC-IP2M-841B\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241211\"}]}, {\"vendor\": \"Amcrest\", \"modules\": [\"Web Interface\"], \"product\": \"IPC-IP3M-943B\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241211\"}]}, {\"vendor\": \"Amcrest\", \"modules\": [\"Web Interface\"], \"product\": \"IPC-IP3M-943S\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241211\"}]}, {\"vendor\": \"Amcrest\", \"modules\": [\"Web Interface\"], \"product\": \"IPC-IP3M-HX2B\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241211\"}]}, {\"vendor\": \"Amcrest\", \"modules\": [\"Web Interface\"], \"product\": \"IPC-IPM-721S\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241211\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-12-27T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2024-12-27T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2024-12-27T08:54:48.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.289377\", \"name\": \"VDB-289377 | Amcrest IP2M-841B Web Interface webCapsConfig information disclosure\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.289377\", \"name\": \"VDB-289377 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.461109\", \"name\": \"Submit #461109 | Amcrest IP2M-841W, IPC-IP3M-HX2B, IPC-IP2M-841B, IPC-IPM-721S, IPC-IP3M-943B, IPC-IP3M-943S, IP2M-841B  N/A Information Disclosure\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"de\", \"value\": \"Es wurde eine Schwachstelle in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S bis 20241211 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /web_caps/webCapsConfig der Komponente Web Interface. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk passieren. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"Information Disclosure\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Controls\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2024-12-27T14:31:05.483Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-12984\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-27T14:53:46.976Z\", \"dateReserved\": \"2024-12-27T07:49:43.408Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2024-12-27T14:31:05.483Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.