CVE-2017-8229

9.8 CRITICAL

📋 TL;DR

CVE-2017-8229 allows unauthenticated attackers to download administrative credentials from Amcrest IPM-721S cameras by accessing configuration files via a web URL. This affects devices running specific vulnerable firmware versions, enabling complete device compromise.

💻 Affected Systems

Products:
  • Amcrest IPM-721S
Versions: Firmware version V2.420.AC00.16.R (specifically build from 2016-09-09)
Operating Systems: Embedded Linux on Amcrest devices
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific firmware build. Other Amcrest models may have similar issues but not confirmed for this CVE.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device takeover, credential theft, camera control hijacking, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Administrative credential theft leading to unauthorized camera access, video feed interception, and device configuration changes.

🟢

If Mitigated

Limited impact if device is isolated behind firewalls with strict network segmentation and credential rotation.

🌐 Internet-Facing: HIGH - Direct internet exposure allows remote attackers to steal credentials without authentication.
🏢 Internal Only: MEDIUM - Internal attackers can exploit if network access is available, but requires local network presence.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is a single unauthenticated HTTP GET request to /current_config/Sha1Account1 or similar paths. Public exploit scripts and detailed analysis are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later firmware versions (specific version not documented in CVE)

Vendor Advisory: No official vendor advisory found in references

Restart Required: Yes

Instructions:

1. Check the current firmware version via the web interface.
2. Download the latest firmware from the Amcrest support site.
3. Upload the firmware via the web interface.
4. Reboot the device after the update.

🔧 Temporary Workarounds

Network Isolation (Linux, iptables)

Block external access to the camera web interface. Note that these two rules drop all inbound web traffic to the interface, including legitimate administration; use the subnet-restricted variant below if local administration must keep working, and persist the rules with your distribution's save mechanism or they are lost on reboot.

  iptables -A INPUT -p tcp --dport 80 -j DROP
  iptables -A INPUT -p tcp --dport 443 -j DROP

Access Control Restriction (Linux, iptables)

Restrict web interface access to specific IP addresses. Rule order matters: iptables applies the first matching rule, so the ACCEPT for the management subnet must come before the catch-all DROP.

  iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
  iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Isolate device on separate VLAN with no internet access
  • Change all credentials and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

  curl -v http://[camera-ip]/current_config/Sha1Account1

If the request returns the credential file without authentication, the device is vulnerable.

Check Version:

Check the System Information page in the web interface, or query the device via SNMP if it is enabled.

Verify Fix Applied:

Repeat the same curl command; after the patch it should return a 401/403 error or require authentication.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to /current_config/* paths in web logs
  • Multiple failed login attempts followed by successful access

Network Indicators:

  • HTTP GET requests to /current_config/Sha1Account1 from unauthorized IPs
  • Unusual outbound connections from camera

SIEM Query:

source="camera_web_logs" AND uri_path="/current_config/*" AND auth_status="unauthenticated"
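As an added example (not part of the original advisory), the detection logic above can be run offline over web-server access logs in Common Log Format: flag any successful (2xx) request to a /current_config/* path whose remote-user field is empty, and mark whether the source address falls outside an assumed management subnet (192.168.1.0/24, matching the workaround rules above). The log lines are constructed for illustration; real camera log formats may differ and the regex would need adjusting.

```python
"""Flag unauthenticated reads of /current_config/* in web access logs (added example)."""
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Common Log Format (ip ident user [ts] "req" status size).
# These are NOT real device logs.
SAMPLE_LOG = """\
192.168.1.20 - admin [09/Sep/2016:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [09/Sep/2016:10:00:05 +0000] "GET /current_config/Sha1Account1 HTTP/1.1" 200 311
203.0.113.7 - - [09/Sep/2016:10:00:06 +0000] "GET /current_config/passwd HTTP/1.1" 200 144
192.168.1.30 - - [09/Sep/2016:10:01:00 +0000] "GET /current_config/Sha1Account1 HTTP/1.1" 401 0
192.168.1.20 - admin [09/Sep/2016:10:02:00 +0000] "GET /current_config/Sha1Account1 HTTP/1.1" 200 311
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Assumed management subnet; anything else is treated as an unauthorized source.
TRUSTED_NET = ipaddress.ip_network("192.168.1.0/24")


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_suspicious(rec):
    """A 2xx read of /current_config/* with no authenticated remote user."""
    return (
        rec["path"].startswith("/current_config/")
        and 200 <= rec["status"] < 300
        and rec["user"] == "-"
    )


def find_suspicious(log_text):
    """Return the suspicious records, each tagged with an untrusted_source flag."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            rec["untrusted_source"] = ipaddress.ip_address(rec["ip"]) not in TRUSTED_NET
            hits.append(rec)
    return hits


def summarize_by_source(hits):
    """Count suspicious requests per source IP for triage."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOG)
    for h in found:
        flag = "UNTRUSTED" if h["untrusted_source"] else "trusted-net"
        print(f"{h['ts']} {h['ip']} {h['path']} status={h['status']} [{flag}]")
    print(summarize_by_source(found))
```

The 401 from 192.168.1.30 and the authenticated admin read are deliberately left unflagged: the first shows the server correctly refusing, the second is normal administrative use. Only the two anonymous 200 responses from the off-subnet address surface, which is the pattern the SIEM query above describes.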
