Vulnerabilities > Amcrest
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-5736 | NULL Pointer Dereference vulnerability in Amcrest products Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. | 6.8 |
| 2020-04-08 | CVE-2020-5735 | Out-of-bounds Write vulnerability in Amcrest products Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. | 8.0 |
| 2020-01-18 | CVE-2020-7222 | Improper Authentication vulnerability in Amcrest web Server 2.520.Ac00.18.R An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. | 5.0 |
| 2019-07-29 | CVE-2019-3948 | Missing Authentication for Critical Function vulnerability in multiple products The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. | 5.0 |
| 2019-07-03 | CVE-2017-8230 | Permissions, Privileges, and Access Controls vulnerability in Amcrest Ipm-721S Firmware On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". | 4.0 |
| 2019-07-03 | CVE-2017-8229 | Credentials Management vulnerability in Amcrest Ipm-721S Firmware Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. | 5.0 |
| 2019-07-03 | CVE-2017-8228 | Permissions, Privileges, and Access Controls vulnerability in Amcrest Ipm-721S Firmware Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. | 6.8 |
| 2019-07-03 | CVE-2017-8227 | 7PK - Security Features vulnerability in Amcrest Ipm-721S Firmware Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. | 5.0 |
| 2019-07-03 | CVE-2017-8226 | Use of Hard-coded Credentials vulnerability in Amcrest Ipm-721S Firmware Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. | 7.5 |
| 2019-07-03 | CVE-2017-13719 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Amcrest Ipm-721S Firmware Amcrestipcawxxengnv2.420.Ac00.17.R.20170322 The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. | 7.5 |