var-201907-1080
Vulnerability from variot
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user's camera to an attacker's cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user's cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application. Amcrest IPM-721S Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Amcrest IPM-721S is a wireless IP camera from Amcrest. An unknown security vulnerability exists in the AmcrestIPM-721SV2.420.AC00.16.R.20160909 release
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ipm-721s",
"scope": "lte",
"trust": 1.0,
"vendor": "amcrest",
"version": "2.420.ac00.16.r.20160909"
},
{
"_id": null,
"model": "ipm-721s",
"scope": "eq",
"trust": 0.8,
"vendor": "amcrest",
"version": "2.420.ac00.16.r.20160909"
},
{
"_id": null,
"model": "ipm-721s v2.420.ac00.16.r.20160909",
"scope": null,
"trust": 0.6,
"vendor": "amcrest",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24195"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
},
{
"db": "NVD",
"id": "CVE-2017-8228"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:amcrest:ipm-721s_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
}
]
},
"credits": {
"_id": null,
"data": "Mandar Satam",
"sources": [
{
"db": "PACKETSTORM",
"id": "153224"
}
],
"trust": 0.1
},
"cve": "CVE-2017-8228",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-8228",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-24195",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-116431",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-8228",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8228",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-8228",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-24195",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-199",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116431",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-8228",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24195"
},
{
"db": "VULHUB",
"id": "VHN-116431"
},
{
"db": "VULMON",
"id": "CVE-2017-8228"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-199"
},
{
"db": "NVD",
"id": "CVE-2017-8228"
}
]
},
"description": {
"_id": null,
"data": "Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user\u0027s account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user\u0027s camera to an attacker\u0027s cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user\u0027s cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application. Amcrest IPM-721S Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Amcrest IPM-721S is a wireless IP camera from Amcrest. An unknown security vulnerability exists in the AmcrestIPM-721SV2.420.AC00.16.R.20160909 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8228"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
},
{
"db": "CNVD",
"id": "CNVD-2019-24195"
},
{
"db": "VULHUB",
"id": "VHN-116431"
},
{
"db": "VULMON",
"id": "CVE-2017-8228"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-8228",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "153224",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-199",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-24195",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116431",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-8228",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24195"
},
{
"db": "VULHUB",
"id": "VHN-116431"
},
{
"db": "VULMON",
"id": "CVE-2017-8228"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
},
{
"db": "PACKETSTORM",
"id": "153224"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-199"
},
{
"db": "NVD",
"id": "CVE-2017-8228"
}
]
},
"id": "VAR-201907-1080",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24195"
},
{
"db": "VULHUB",
"id": "VHN-116431"
}
],
"trust": 1.3470588399999999
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24195"
}
]
},
"last_update_date": "2024-11-23T21:59:49.431000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://amcrest.com/"
},
{
"title": "AmcrestIPM-721S has an unspecified vulnerability (CNVD-2019-24195) patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/170545"
},
{
"title": "Amcrest IPM-721S Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94393"
},
{
"title": "IoT_vulnerabilities",
"trust": 0.1,
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/amcrest-critical-security-issues/145507/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24195"
},
{
"db": "VULMON",
"id": "CVE-2017-8228"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-199"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116431"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
},
{
"db": "NVD",
"id": "CVE-2017-8228"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/amcrest_sec_issues.pdf"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8228"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153224/amcrest-ipm-721s-credential-disclosure-privilege-escalation.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8228"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/amcrest-critical-security-issues/145507/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8229"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24195"
},
{
"db": "VULHUB",
"id": "VHN-116431"
},
{
"db": "VULMON",
"id": "CVE-2017-8228"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
},
{
"db": "PACKETSTORM",
"id": "153224"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-199"
},
{
"db": "NVD",
"id": "CVE-2017-8228"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-24195",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-116431",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-8228",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014566",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153224",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201907-199",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-8228",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-07-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24195",
"ident": null
},
{
"date": "2019-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116431",
"ident": null
},
{
"date": "2019-07-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8228",
"ident": null
},
{
"date": "2019-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014566",
"ident": null
},
{
"date": "2019-06-07T15:06:02",
"db": "PACKETSTORM",
"id": "153224",
"ident": null
},
{
"date": "2019-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-199",
"ident": null
},
{
"date": "2019-07-03T20:15:10.573000",
"db": "NVD",
"id": "CVE-2017-8228",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24195",
"ident": null
},
{
"date": "2019-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-116431",
"ident": null
},
{
"date": "2019-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8228",
"ident": null
},
{
"date": "2019-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014566",
"ident": null
},
{
"date": "2019-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-199",
"ident": null
},
{
"date": "2024-11-21T03:33:35.130000",
"db": "NVD",
"id": "CVE-2017-8228",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-199"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Amcrest IPM-721S Vulnerabilities related to authorization, authority, and access control in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014566"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-199"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.