Details of VAR-201907-1082

ID

VAR-201907-1082

CVE

CVE-2017-8230

TITLE

Amcrest IPM-721S Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014568

DESCRIPTION

On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrative interface of the device can add a new administrative user to the interface using HTTP APIs provided by the device and perform all the actions as an administrative user by using that account. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable functions that performs the various action described in HTTP APIs. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 0x00429084 in IDA pro is the one that processes the HTTP API request for "addUser" action. If one traces the calls to this function, it can be clearly seen that the function sub_ 41F38C at address 0x0041F588 parses the call received from the browser and passes it to the "addUser" function without any authorization check. Amcrest IPM-721S Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Amcrest IPM-721S is a wireless IP camera from Amcrest. An unknown vulnerability exists in the AmcrestIPM-721SV2.420.AC00.16.R.20160909 release. There is a security vulnerability in the Amcrest IPM-721S V2.420.AC00.16.R.20160909 version

Trust: 2.34

sources: NVD: CVE-2017-8230 // JVNDB: JVNDB-2017-014568 // CNVD: CNVD-2019-24190 // VULHUB: VHN-116433 // VULMON: CVE-2017-8230

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-24190

AFFECTED PRODUCTS

vendor:	amcrest	model:	ipm-721s	scope:	lte	version:	2.420.ac00.16.r.20160909	Trust: 1.0
vendor:	amcrest	model:	ipm-721s	scope:	eq	version:	2.420.ac00.16.r.20160909	Trust: 0.8
vendor:	amcrest	model:	ipm-721s v2.420.ac00.16.r.20160909	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-24190 // JVNDB: JVNDB-2017-014568 // NVD: CVE-2017-8230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8230
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-8230
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-24190
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-198
value:	HIGH
Trust: 0.6
VULHUB:	VHN-116433
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-8230
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-8230
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-24190
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-116433
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8230
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-24190 // VULHUB: VHN-116433 // VULMON: CVE-2017-8230 // JVNDB: JVNDB-2017-014568 // CNNVD: CNNVD-201907-198 // NVD: CVE-2017-8230

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-116433 // JVNDB: JVNDB-2017-014568 // NVD: CVE-2017-8230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-198

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201907-198

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014568

PATCH

title:	Top Page	url:	https://amcrest.com/	Trust: 0.8
title:	Threatpost	url:	https://threatpost.com/amcrest-critical-security-issues/145507/	Trust: 0.1

sources: VULMON: CVE-2017-8230 // JVNDB: JVNDB-2017-014568

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8230	Trust: 3.3
db:	PACKETSTORM	id:	153224	Trust: 1.9
db:	JVNDB	id:	JVNDB-2017-014568	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-198	Trust: 0.7
db:	CNVD	id:	CNVD-2019-24190	Trust: 0.6
db:	VULHUB	id:	VHN-116433	Trust: 0.1
db:	VULMON	id:	CVE-2017-8230	Trust: 0.1

sources: CNVD: CNVD-2019-24190 // VULHUB: VHN-116433 // VULMON: CVE-2017-8230 // JVNDB: JVNDB-2017-014568 // PACKETSTORM: 153224 // CNNVD: CNNVD-201907-198 // NVD: CVE-2017-8230

REFERENCES

url:	https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/amcrest_sec_issues.pdf	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8230	Trust: 2.1
url:	http://packetstormsecurity.com/files/153224/amcrest-ipm-721s-credential-disclosure-privilege-escalation.html	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8230	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/amcrest-critical-security-issues/145507/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8229	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8227	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8226	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13719	Trust: 0.1

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153224

SOURCES

db:	CNVD	id:	CNVD-2019-24190
db:	VULHUB	id:	VHN-116433
db:	VULMON	id:	CVE-2017-8230
db:	JVNDB	id:	JVNDB-2017-014568
db:	PACKETSTORM	id:	153224
db:	CNNVD	id:	CNNVD-201907-198
db:	NVD	id:	CVE-2017-8230

LAST UPDATE DATE

2024-11-23T21:59:49.575000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-24190	date:	2019-07-24T00:00:00
db:	VULHUB	id:	VHN-116433	date:	2019-07-11T00:00:00
db:	VULMON	id:	CVE-2017-8230	date:	2019-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-014568	date:	2019-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201907-198	date:	2019-07-12T00:00:00
db:	NVD	id:	CVE-2017-8230	date:	2024-11-21T03:33:35.470

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-24190	date:	2019-07-22T00:00:00
db:	VULHUB	id:	VHN-116433	date:	2019-07-03T00:00:00
db:	VULMON	id:	CVE-2017-8230	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-014568	date:	2019-07-12T00:00:00
db:	PACKETSTORM	id:	153224	date:	2019-06-07T15:06:02
db:	CNNVD	id:	CNNVD-201907-198	date:	2019-07-03T00:00:00
db:	NVD	id:	CVE-2017-8230	date:	2019-07-03T20:15:10.697