Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2017-8230

Disclosure Date: July 03, 2019 •

CVE-2017-8230

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups “admin” and “user”. However, as a part of security analysis it was identified that a low privileged user who belongs to the “user” group and who has access to login in to the web administrative interface of the device can add a new administrative user to the interface using HTTP APIs provided by the device and perform all the actions as an administrative user by using that account. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary “sonia” is the one that has the vulnerable functions that performs the various action described in HTTP APIs. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 0x00429084 in IDA pro is the one that processes the HTTP API request for “addUser” action. If one traces the calls to this function, it can be clearly seen that the function sub 41F38C at address 0x0041F588 parses the call received from the browser and passes it to the “addUser” function without any authorization check.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

amcrest

Products

ipm-721s firmware

References

Canonical

CVE-2017-8230 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8230)

Miscellaneous

http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html

https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf

Rapid7

Unknown

CVE-2017-8230

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2017-8230

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2017-8230

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2017-8230

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification