Vulnerabilities > Amcrest

DATE CVE VULNERABILITY TITLE RISK
2020-04-08 CVE-2020-5736 NULL Pointer Dereference vulnerability in Amcrest products
Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777.
network
low complexity
amcrest CWE-476
6.5
2020-04-08 CVE-2020-5735 Out-of-bounds Write vulnerability in Amcrest products
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777.
network
low complexity
amcrest CWE-787
8.8
2020-01-18 CVE-2020-7222 Improper Authentication vulnerability in Amcrest web Server 2.520.Ac00.18.R
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504.
network
low complexity
amcrest CWE-287
5.3
2019-07-29 CVE-2019-3948 Missing Authentication for Critical Function vulnerability in multiple products
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk.
network
low complexity
amcrest dahua CWE-306
7.5
2019-07-03 CVE-2017-8230 Permissions, Privileges, and Access Controls vulnerability in Amcrest Ipm-721S Firmware 2.420.Ac00.16.R.20160909
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user".
network
low complexity
amcrest CWE-264
8.8
2019-07-03 CVE-2017-8229 Credentials Management vulnerability in Amcrest Ipm-721S Firmware 2.420.Ac00.16.R.20160909
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials.
network
low complexity
amcrest CWE-255
critical
9.8
2019-07-03 CVE-2017-8228 Permissions, Privileges, and Access Controls vulnerability in Amcrest Ipm-721S Firmware 2.420.Ac00.16.R.20160909
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours.
network
low complexity
amcrest CWE-264
8.8
2019-07-03 CVE-2017-8227 7PK - Security Features vulnerability in Amcrest Ipm-721S Firmware 2.420.Ac00.16.R.20160909
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device.
network
low complexity
amcrest CWE-254
critical
9.8
2019-07-03 CVE-2017-8226 Use of Hard-coded Credentials vulnerability in Amcrest Ipm-721S Firmware 2.420.Ac00.16.R.20160909
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them.
network
low complexity
amcrest CWE-798
critical
9.8
2019-07-03 CVE-2017-13719 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amcrest Ipm-721S Firmware Amcrestipcawxxengnv2.420.Ac00.17.R.20170322
The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application.
network
low complexity
amcrest CWE-119
critical
9.8