CVE-2017-13719
- EPSS 3.3%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:11:30
The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. Thi...
CVE-2017-8226
- EPSS 0.66%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:33:34
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected u...
CVE-2017-8227
- EPSS 3.78%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:33:34
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt i...
CVE-2017-8228
- EPSS 2.33%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:33:35
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user a...
CVE-2017-8229
- EPSS 92.9%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:33:35
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.ext...
CVE-2017-8230
- EPSS 0.5%
- Published 03.07.2019 20:15:10
- Last modified 21.11.2024 03:33:35
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who ...