What is the severity of CVE-2017-8228?

The severity of CVE-2017-8228 is high with a CVSS score of 8.8.

What is the vulnerability in Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices?

The vulnerability is that these devices mishandle reboots within the past two hours.

How does Amcrest cloud services contribute to the vulnerability?

Amcrest cloud services do not perform thorough verification when adding a new camera, allowing unauthorized access.

Is Amcrest IPM-721S V2.420.AC00.16.R.20160909 firmware affected?

Yes, Amcrest IPM-721S V2.420.AC00.16.R.20160909 firmware is affected.

How can I fix the CVE-2017-8228 vulnerability?

To fix the vulnerability, it is recommended to update the Amcrest IPM-721S firmware to a secure version.

Vulnerability/
CVE-2017-8228

high

8.8

CWE

264

3/7/2019

11/7/2019

CVE-2017-8228

First published: Wed Jul 03 2019(Updated: )

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user's camera to an attacker's cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user's cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Amcrest Ipm-721s Firmware	<=2.420.ac00.16.r.20160909
Amcrest IPM-721S

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-8228?
The severity of CVE-2017-8228 is high with a CVSS score of 8.8.
What is the vulnerability in Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices?
The vulnerability is that these devices mishandle reboots within the past two hours.
How does Amcrest cloud services contribute to the vulnerability?
Amcrest cloud services do not perform thorough verification when adding a new camera, allowing unauthorized access.
Is Amcrest IPM-721S V2.420.AC00.16.R.20160909 firmware affected?
Yes, Amcrest IPM-721S V2.420.AC00.16.R.20160909 firmware is affected.
How can I fix the CVE-2017-8228 vulnerability?
To fix the vulnerability, it is recommended to update the Amcrest IPM-721S firmware to a secure version.

collector/nvd-index
vendor/amcrest
product/ipm-721s firmware
canonical/amcrest ipm-721s firmware
product/ipm-721s
canonical/amcrest ipm-721s

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.