Sign-up

ID

VAR-201907-1046


CVE

CVE-2017-13719


TITLE

Amcrest IPM-721S Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-014578 // CNNVD: CNNVD-201708-1162

DESCRIPTION

The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encoded in the Authorization HTTP header. However, a missing length check in the code allows an attacker to send a string of 1024 characters in the password field, and allows an attacker to exploit a memory corruption issue. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 is dissected using the binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that has many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the HTTP API specification. If we open this binary in IDA Pro we will notice that this follows an ARM little-endian format. The function at address 00415364 in IDA Pro starts the HTTP authentication process. This function calls another function at sub_ 0042CCA0 at address 0041549C. This function performs a strchr operation after base64 decoding the credentials, and stores the result on the stack, which results in a stack-based buffer overflow. Amcrest IPM-721S Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Amcrest IPM-721S is a wireless IP camera from Amcrest. A security vulnerability exists in the Amcrest IPM-721S using firmware version Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322

Trust: 1.8

sources: NVD: CVE-2017-13719 // JVNDB: JVNDB-2017-014578 // VULHUB: VHN-104369 // VULMON: CVE-2017-13719

IOT TAXONOMY

category:['camera device']sub_category:IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:amcrestmodel:ipm-721sscope:eqversion:amcrest_ipc-awxx_eng_n_v2.420.ac00.17.r.20170322

Trust: 1.8

sources: JVNDB: JVNDB-2017-014578 // NVD: CVE-2017-13719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13719
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-13719
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201708-1162
value: CRITICAL

Trust: 0.6

VULHUB: VHN-104369
value: HIGH

Trust: 0.1

VULMON: CVE-2017-13719
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-13719
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-104369
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13719
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104369 // VULMON: CVE-2017-13719 // JVNDB: JVNDB-2017-014578 // CNNVD: CNNVD-201708-1162 // NVD: CVE-2017-13719

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-104369 // JVNDB: JVNDB-2017-014578 // NVD: CVE-2017-13719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1162

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201708-1162

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014578

PATCH
title:Top Pageurl:https://amcrest.com/
Trust: 0.8
title:Amcrest IPM-721S Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94432
Trust: 0.6
title:IoT_vulnerabilitiesurl:https://github.com/ethanhunnt/IoT_vulnerabilities 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-13719 // 
            
            
            
            JVNDB: JVNDB-2017-014578 // 
            
            
            
            CNNVD: CNNVD-201708-1162

EXTERNAL IDS
db:NVDid:CVE-2017-13719
Trust: 2.8
db:PACKETSTORMid:153224
Trust: 1.9
db:JVNDBid:JVNDB-2017-014578
Trust: 0.8
db:CNNVDid:CNNVD-201708-1162
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-104369
Trust: 0.1
db:VULMONid:CVE-2017-13719
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-104369 // 
            
            
            
            VULMON: CVE-2017-13719 // 
            
            
            
            JVNDB: JVNDB-2017-014578 // 
            
            
            
            PACKETSTORM: 153224 // 
            
            
            
            CNNVD: CNNVD-201708-1162 // 
            
            
            
            NVD: CVE-2017-13719

REFERENCES
url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/amcrest_sec_issues.pdf
Trust: 2.6
url:https://seclists.org/bugtraq/2019/jun/8
Trust: 1.8
url:http://packetstormsecurity.com/files/153224/amcrest-ipm-721s-credential-disclosure-privilege-escalation.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13719
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13719
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ethanhunnt/iot_vulnerabilities
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-8229
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-8227
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-8226
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-8228
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-8230
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-104369 // 
            
            
            
            VULMON: CVE-2017-13719 // 
            
            
            
            JVNDB: JVNDB-2017-014578 // 
            
            
            
            PACKETSTORM: 153224 // 
            
            
            
            CNNVD: CNNVD-201708-1162 // 
            
            
            
            NVD: CVE-2017-13719

CREDITS
Mandar Satam
Trust: 0.1
sources:
            
            
            PACKETSTORM: 153224

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-104369
db:VULMONid:CVE-2017-13719
db:JVNDBid:JVNDB-2017-014578
db:PACKETSTORMid:153224
db:CNNVDid:CNNVD-201708-1162
db:NVDid:CVE-2017-13719

LAST UPDATE DATE
2025-01-30T22:31:06.719000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104369date:2019-07-17T00:00:00
db:VULMONid:CVE-2017-13719date:2019-07-17T00:00:00
db:JVNDBid:JVNDB-2017-014578date:2019-07-19T00:00:00
db:CNNVDid:CNNVD-201708-1162date:2019-07-18T00:00:00
db:NVDid:CVE-2017-13719date:2024-11-21T03:11:30.360

SOURCES RELEASE DATE
db:VULHUBid:VHN-104369date:2019-07-03T00:00:00
db:VULMONid:CVE-2017-13719date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2017-014578date:2019-07-19T00:00:00
db:PACKETSTORMid:153224date:2019-06-07T15:06:02
db:CNNVDid:CNNVD-201708-1162date:2017-08-29T00:00:00
db:NVDid:CVE-2017-13719date:2019-07-03T20:15:10.337