Details of VAR-201907-1079

ID

VAR-201907-1079

CVE

CVE-2017-8227

TITLE

Amcrest IPM-721S Vulnerabilities related to security functions in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014565

DESCRIPTION

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the ONVIF specification. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 00671618 in IDA pro is parses the WSSE security token header. The sub_ 603D8 then performs the authentication check and if it is incorrect passes to the function sub_59F4C which prints the value "Sender not authorized.". Amcrest IPM-721S The device contains vulnerabilities related to security functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Amcrest IPM-721S is a wireless IP camera from Amcrest. A vulnerability exists in the AmcrestIPM-721SV2.420.AC00.16.R.20160909 release

Trust: 2.34

sources: NVD: CVE-2017-8227 // JVNDB: JVNDB-2017-014565 // CNVD: CNVD-2019-24191 // VULHUB: VHN-116430 // VULMON: CVE-2017-8227

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-24191

AFFECTED PRODUCTS

vendor:	amcrest	model:	ipm-721s	scope:	lte	version:	2.420.ac00.16.r.20160909	Trust: 1.0
vendor:	amcrest	model:	ipm-721s	scope:	eq	version:	2.420.ac00.16.r.20160909	Trust: 0.8
vendor:	amcrest	model:	ipm-721s v2.420.ac00.16.r.20160909	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-24191 // JVNDB: JVNDB-2017-014565 // NVD: CVE-2017-8227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8227
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-8227
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-24191
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-196
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-116430
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-8227
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-8227
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-24191
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116430
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8227
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-24191 // VULHUB: VHN-116430 // VULMON: CVE-2017-8227 // JVNDB: JVNDB-2017-014565 // CNNVD: CNNVD-201907-196 // NVD: CVE-2017-8227

PROBLEMTYPE DATA

problemtype:

CWE-254

Trust: 1.9

sources: VULHUB: VHN-116430 // JVNDB: JVNDB-2017-014565 // NVD: CVE-2017-8227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-196

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-196

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014565

PATCH

title:	Top Page	url:	https://amcrest.com/	Trust: 0.8
title:	AmcrestIPM-721S has an unspecified vulnerability (CNVD-2019-24191) patch	url:	https://www.cnvd.org.cn/patchInfo/show/170541	Trust: 0.6
title:	Amcrest IPM-721S Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94391	Trust: 0.6
title:	IoT_vulnerabilities	url:	https://github.com/ethanhunnt/IoT_vulnerabilities	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/amcrest-critical-security-issues/145507/	Trust: 0.1

sources: CNVD: CNVD-2019-24191 // VULMON: CVE-2017-8227 // JVNDB: JVNDB-2017-014565 // CNNVD: CNNVD-201907-196

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8227	Trust: 3.3
db:	PACKETSTORM	id:	153224	Trust: 1.9
db:	JVNDB	id:	JVNDB-2017-014565	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-196	Trust: 0.7
db:	CNVD	id:	CNVD-2019-24191	Trust: 0.6
db:	VULHUB	id:	VHN-116430	Trust: 0.1
db:	VULMON	id:	CVE-2017-8227	Trust: 0.1

sources: CNVD: CNVD-2019-24191 // VULHUB: VHN-116430 // VULMON: CVE-2017-8227 // JVNDB: JVNDB-2017-014565 // PACKETSTORM: 153224 // CNNVD: CNNVD-201907-196 // NVD: CVE-2017-8227

REFERENCES

url:	https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/amcrest_sec_issues.pdf	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8227	Trust: 2.1
url:	https://seclists.org/bugtraq/2019/jun/8	Trust: 1.8
url:	http://packetstormsecurity.com/files/153224/amcrest-ipm-721s-credential-disclosure-privilege-escalation.html	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8227	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/254.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/amcrest-critical-security-issues/145507/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8229	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8226	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8230	Trust: 0.1

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153224

SOURCES

db:	CNVD	id:	CNVD-2019-24191
db:	VULHUB	id:	VHN-116430
db:	VULMON	id:	CVE-2017-8227
db:	JVNDB	id:	JVNDB-2017-014565
db:	PACKETSTORM	id:	153224
db:	CNNVD	id:	CNNVD-201907-196
db:	NVD	id:	CVE-2017-8227

LAST UPDATE DATE

2024-11-23T21:59:49.537000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-24191	date:	2019-07-24T00:00:00
db:	VULHUB	id:	VHN-116430	date:	2019-07-11T00:00:00
db:	VULMON	id:	CVE-2017-8227	date:	2019-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-014565	date:	2019-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201907-196	date:	2019-08-02T00:00:00
db:	NVD	id:	CVE-2017-8227	date:	2024-11-21T03:33:34.967

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-24191	date:	2019-07-22T00:00:00
db:	VULHUB	id:	VHN-116430	date:	2019-07-03T00:00:00
db:	VULMON	id:	CVE-2017-8227	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014565	date:	2019-07-12T00:00:00
db:	PACKETSTORM	id:	153224	date:	2019-06-07T15:06:02
db:	CNNVD	id:	CNNVD-201907-196	date:	2019-07-03T00:00:00
db:	NVD	id:	CVE-2017-8227	date:	2019-07-03T20:15:10.510