cnvd - cnvd-2019-24195

cnvd-2019-24195

Vulnerability from cnvd

Title: Amcrest IPM-721S存在未明漏洞（CNVD-2019-24195）

Description:

Amcrest IPM-721S是Amcrest公司的一款无线IP摄像头。

Amcrest IPM-721S V2.420.AC00.16.R.20160909版本中存在未明安全漏洞。攻击者可利用该漏洞将其他用户的摄像头添加到攻击者的云账户并完全控制该摄像头。

Severity: 中

Patch Name: Amcrest IPM-721S存在未明漏洞（CNVD-2019-24195）的补丁

Patch Description:

Amcrest IPM-721S是Amcrest公司的一款无线IP摄像头。

Amcrest IPM-721S V2.420.AC00.16.R.20160909版本中存在未明安全漏洞。攻击者可利用该漏洞将其他用户的摄像头添加到攻击者的云账户并完全控制该摄像头。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://amcrest.com/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8228

Impacted products

Name
Amcrest Amcrest IPM-721S V2.420.AC00.16.R.20160909

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8228",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2017-8228"
    }
  },
  "description": "Amcrest IPM-721S\u662fAmcrest\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebfIP\u6444\u50cf\u5934\u3002\n\nAmcrest IPM-721S V2.420.AC00.16.R.20160909\u7248\u672c\u4e2d\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u5176\u4ed6\u7528\u6237\u7684\u6444\u50cf\u5934\u6dfb\u52a0\u5230\u653b\u51fb\u8005\u7684\u4e91\u8d26\u6237\u5e76\u5b8c\u5168\u63a7\u5236\u8be5\u6444\u50cf\u5934\u3002",
  "discovererName": "ethanhunnt",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://amcrest.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-24195",
  "openTime": "2019-07-22",
  "patchDescription": "Amcrest IPM-721S\u662fAmcrest\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebfIP\u6444\u50cf\u5934\u3002\r\n\r\nAmcrest IPM-721S V2.420.AC00.16.R.20160909\u7248\u672c\u4e2d\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u5176\u4ed6\u7528\u6237\u7684\u6444\u50cf\u5934\u6dfb\u52a0\u5230\u653b\u51fb\u8005\u7684\u4e91\u8d26\u6237\u5e76\u5b8c\u5168\u63a7\u5236\u8be5\u6444\u50cf\u5934\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Amcrest IPM-721S\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-24195\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Amcrest Amcrest IPM-721S V2.420.AC00.16.R.20160909"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8228",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-16",
  "title": "Amcrest IPM-721S\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-24195\uff09"
}

CVE-2017-8228 (GCVE-0-2017-8228)

Vulnerability from cvelistv5

Published

2019-07-03 19:37

Modified

2024-08-05 16:27

Severity ?

CWE

Summary

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user's camera to an attacker's cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user's cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application.

References

▼	URL	Tags
	https://seclists.org/bugtraq/2019/Jun/8	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html	x_refsource_MISC
	https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:23.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190609 Newly releases IoT security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user\u0027s account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user\u0027s camera to an attacker\u0027s cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user\u0027s cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-03T19:38:23",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20190609 Newly releases IoT security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8228",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user\u0027s account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user\u0027s camera to an attacker\u0027s cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user\u0027s cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190609 Newly releases IoT security issues",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/8"
            },
            {
              "name": "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html"
            },
            {
              "name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf",
              "refsource": "MISC",
              "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8228",
    "datePublished": "2019-07-03T19:37:45",
    "dateReserved": "2017-04-25T00:00:00",
    "dateUpdated": "2024-08-05T16:27:23.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted