CVE-2024-12984

5.3 MEDIUM

📋 TL;DR

This vulnerability in Amcrest IP cameras allows remote attackers to access sensitive information through the web interface. It affects multiple Amcrest camera models up to December 11, 2024. The information disclosure could expose camera configuration details or other sensitive data.

💻 Affected Systems

Products:

• Amcrest IP2M-841B
• Amcrest IP2M-841W
• Amcrest IPC-IP2M-841B
• Amcrest IPC-IP3M-943B
• Amcrest IPC-IP3M-943S
• Amcrest IPC-IP3M-HX2B
• Amcrest IPC-IPM-721S

Versions: All versions up to 20241211

Operating Systems: Embedded camera firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web interface component specifically through the /web_caps/webCapsConfig endpoint.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers obtain camera credentials, network configuration, or other sensitive information that could lead to further compromise of the camera or network.

🟠

Likely Case

Unauthorized access to camera configuration files containing device information, network settings, or other operational data.

🟢

If Mitigated

Limited exposure of non-critical configuration information with no access to credentials or sensitive data.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and cameras are often exposed to the internet for remote access.

🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to gather information about camera configurations and network topology.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details have been publicly disclosed and require only HTTP access to the camera's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor Amcrest website for firmware updates addressing CVE-2024-12984.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict camera network access to prevent unauthorized access to web interface

Access Control Lists

linux

Implement firewall rules to block external access to camera web interface

Copy

iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

• Isolate cameras on separate VLAN with strict access controls
• Disable remote web interface access and use VPN for management

🔍 How to Verify

Check if Vulnerable:

Copy

Attempt to access http://[camera_ip]/web_caps/webCapsConfig and check if sensitive information is returned

Check Version:

Copy

Check camera firmware version in web interface under Setup > System > System Information

Verify Fix Applied:

Copy

Test the same endpoint after applying controls to ensure no sensitive information is disclosed

📡 Detection & Monitoring

Log Indicators:

• HTTP requests to /web_caps/webCapsConfig endpoint
• Unusual access patterns to camera web interface

Network Indicators:

• HTTP GET requests to /web_caps/webCapsConfig from unauthorized sources

SIEM Query:

Copy

source="camera_logs" AND url="/web_caps/webCapsConfig"

📊 Metadata

CVE ID: CVE-2024-12984

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-200

Published: December 27, 2024

Last Updated: December 27, 2024

🔗 References

• https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4
• https://vuldb.com/?ctiid.289377
• https://vuldb.com/?id.289377
• https://vuldb.com/?submit.461109

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12984, you might also want to check these:

CVE-2025-61481 10.0

MikroTik RouterOS and SwOS expose their WebFig management interface over unencrypted HTTP by default...

Same vulnerability type (CWE-200)

CVE-2025-53624 10.0

The Docusaurus gists plugin versions before 4.0.0 expose GitHub Personal Access Tokens in client-sid...

Same vulnerability type (CWE-200)

CVE-2023-49103 10.0

This vulnerability in ownCloud's graphapi app exposes PHP configuration details (phpinfo) via a thir...

Same vulnerability type (CWE-200)