ID
VAR-201907-1081
CVE
CVE-2017-8229
TITLE
Amcrest IPM-721S Vulnerabilities related to certificate and password management in devices
Trust: 0.8
DESCRIPTION
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication. Amcrest IPM-721S The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Amcrest IPM-721S is a wireless IP camera from Amcrest. A security vulnerability exists in the AmcrestIPM-721SV2.420.AC00.16.R.20160909 release
Trust: 2.34
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | amcrest | model: | ipm-721s | scope: | lte | version: | 2.420.ac00.16.r.20160909 | Trust: 1.0 |
| vendor: | amcrest | model: | ipm-721s | scope: | eq | version: | 2.420.ac00.16.r.20160909 | Trust: 0.8 |
| vendor: | amcrest | model: | ipm-721s v2.420.ac00.16.r.20160909 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
trust management problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Top Page | url: | https://amcrest.com/ | Trust: 0.8 |
| title: | AmcrestIPM-721S has an unspecified vulnerability (CNVD-2019-24194) patch | url: | https://www.cnvd.org.cn/patchInfo/show/170547 | Trust: 0.6 |
| title: | Amcrest IPM-721S Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94394 | Trust: 0.6 |
| title: | IoT_vulnerabilities | url: | https://github.com/ethanhunnt/IoT_vulnerabilities | Trust: 0.1 |
| title: | Threatpost | url: | https://threatpost.com/amcrest-critical-security-issues/145507/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-8229 | Trust: 3.3 |
| db: | PACKETSTORM | id: | 153224 | Trust: 1.9 |
| db: | JVNDB | id: | JVNDB-2017-014567 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201907-200 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-24194 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-116432 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-8229 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/amcrest_sec_issues.pdf | Trust: 2.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-8229 | Trust: 2.1 |
| url: | https://seclists.org/bugtraq/2019/jun/8 | Trust: 1.8 |
| url: | http://packetstormsecurity.com/files/153224/amcrest-ipm-721s-credential-disclosure-privilege-escalation.html | Trust: 1.8 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8229 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/255.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://threatpost.com/amcrest-critical-security-issues/145507/ | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-8227 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-8226 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-8228 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-13719 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-8230 | Trust: 0.1 |
CREDITS
Mandar Satam
Trust: 0.1
SOURCES
| db: | CNVD | id: | CNVD-2019-24194 |
| db: | VULHUB | id: | VHN-116432 |
| db: | VULMON | id: | CVE-2017-8229 |
| db: | JVNDB | id: | JVNDB-2017-014567 |
| db: | PACKETSTORM | id: | 153224 |
| db: | CNNVD | id: | CNNVD-201907-200 |
| db: | NVD | id: | CVE-2017-8229 |
LAST UPDATE DATE
2024-11-23T21:59:49.610000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-24194 | date: | 2019-07-24T00:00:00 |
| db: | VULHUB | id: | VHN-116432 | date: | 2019-07-11T00:00:00 |
| db: | VULMON | id: | CVE-2017-8229 | date: | 2019-07-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014567 | date: | 2019-07-12T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-200 | date: | 2019-07-12T00:00:00 |
| db: | NVD | id: | CVE-2017-8229 | date: | 2024-11-21T03:33:35.303 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-24194 | date: | 2019-07-22T00:00:00 |
| db: | VULHUB | id: | VHN-116432 | date: | 2019-07-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-8229 | date: | 2019-07-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014567 | date: | 2019-07-12T00:00:00 |
| db: | PACKETSTORM | id: | 153224 | date: | 2019-06-07T15:06:02 |
| db: | CNNVD | id: | CNNVD-201907-200 | date: | 2019-07-03T00:00:00 |
| db: | NVD | id: | CVE-2017-8229 | date: | 2019-07-03T20:15:10.633 |