Multiple IP Cameras Configuration Download Vulnerability

Published: 2019-06-11 09:04:55
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Detection Type:
Remote Vulnerability

Solution Type:
None Available

Summary:
Multiple IP Cameras (e.g. Amcrest IPM-721S) are prone to an unauthenticated configuration file download vulnerability.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
The file /current_config/Sha1Account1, which contains unencrypted credentials, is accessible without authentication.

Impact:
An unauthenticated attacker may obtain sensitive information such as admin credentials and use it for further attacks.

Recommendations:
No known solution is available as of 25th June, 2019. Information regarding this issue will be updated once solution details are available.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-8229

CVE Analysis

https://www.mageni.net/cve/CVE-2017-8229

References:

https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf

Severity: High
CVSS Score: 10.0
Published: 2019-06-11
Modified: 2019-06-25
Category: Web application abuses
