122 matches found
CVE-2020-6652
CVE-2020-6652 affects Eaton Intelligent Power Manager (IPM) v1.67 and earlier. The vulnerability is an incorrect privilege assignment that lets non-admin users upload system configuration files by sending specially crafted requests, potentially enabling manipulation of configurations with paramet...
CVE-2020-6652 Incorrect privilege assignment allowing non-admin users to upload config files
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allows non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the...
Unspecified vulnerability in Amcrest IPM-721S (CNVD-2019-24194)
The Amcrest IPM-721S is a wireless IP camera from Amcrest. A security vulnerability exists in the Amcrest IPM-721S V2.420.AC00.16.R.20160909 release. An attacker can exploit the vulnerability to download administrative credentials...
Unspecified vulnerability in Amcrest IPM-721S (CNVD-2019-24191)
The Amcrest IPM-721S is a wireless IP camera from Amcrest. A vulnerability exists in the Amcrest IPM-721S V2.420.AC00.16.R.20160909 release. An attacker can use the vulnerability to bypass account protection mechanisms and brute-force credentials...
Unspecified vulnerability in Amcrest IPM-721S (CNVD-2019-24190)
The Amcrest IPM-721S is a wireless IP camera from Amcrest. An unspecified vulnerability exists in the Amcrest IPM-721S V2.420.AC00.16.R.20160909 release. An attacker can exploit the vulnerability by leveraging HTTP APIs to add an administrative user to the web management interface and perform...
Amcrest IPM-721S License Issue Vulnerability
The Amcrest IPM-721S is a wireless IP camera from Amcrest. An authorization issue vulnerability exists in the Amcrest IPM-721S V2.420.AC00.16.R.20160909 release. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a networked system or product...
CVE-2017-8229
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using the binwalk tool, one obtains a user-x.squashfs.img.extracted archive which contains the filesystem set...
CVE-2017-8227
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification which...
CVE-2017-8226
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using the binwalk tool, one obtains a...
CVE-2017-8229
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using the binwalk tool, one obtains a user-x.squashfs.img.extracted archive which contains the filesystem set...
CVE-2017-8230
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups, "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to log in to the web administrativ...
Authentication flaw
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification which...
Authorization
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups, "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to log in to the web administrativ...
Authentication flaw
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using the binwalk tool, one obtains a user-x.squashfs.img.extracted archive which contains the filesystem set...
CVE-2017-8228
Amcrest IPM-721S (V2.420.AC00.16.R.20160909) contains a vulnerability (CVE-2017-8228) where Amcrest cloud verification for adding cameras to a user’s account is insufficient. An attacker who knows a camera’s serial number and the user’s recent reboot window can add another user’s camera to their ...
CVE-2017-8227
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices expose a credential-bruteforce risk via ONVIF: account lockout is bypassed, allowing credential guesswork and potential takeover. Root cause is a vulnerable ONVIF authentication path in the binary (sonia) that does not enforce the 5-minute timeou...
CVE-2017-8227
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification which...
CVE-2017-8230
The CVE-2017-8230 entry concerns Amcrest IPM-721S devices with firmware V2.420.AC00.16.R.20160909. A low-privilege user can authenticate to the web admin interface and add a new admin account via HTTP APIs, gaining full admin capabilities. The root cause is an authorization bypass in the HTTP API...
CVE-2017-8230
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups, "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to log in to the web administrativ...