Sign-up

ID

VAR-201907-0246


CVE

CVE-2019-3948


TITLE

Amcrest IP2M-841B IP Camera firmware Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007425

DESCRIPTION

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device. Amcrest IP2M-841B IP Camera firmware Contains an authentication vulnerability.Information may be obtained. The Amcrest IP2M-841B is an IP camera from Amcrest

Trust: 2.34

sources: NVD: CVE-2019-3948 // JVNDB: JVNDB-2019-007425 // CNVD: CNVD-2019-25804 // VULHUB: VHN-155383 // VULMON: CVE-2019-3948

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-25804

AFFECTED PRODUCTS

vendor:amcrestmodel:ip2m-841bscope:eqversion:2.520.ac00.18.r

Trust: 1.8

vendor:dahuamodel:ipc-xxbxxscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:dh-sd6xxxxxscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:nvr5xxx-4ks2scope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:dh-ipc-hx883xscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:dh-ipc-hx863xscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:dh-sd5xxxxxscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:ipc-hx4x3xscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:nvr2xxx-4ks2scope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:ipc-hx5x3xscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:nvr4xxx-4ks2scope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:dh-sd4xxxxxscope:ltversion:2018-05-18

Trust: 1.0

vendor:dahuamodel:dh-ipc-hx863xscope: - version: -

Trust: 0.8

vendor:dahuamodel:dh-ipc-hx883xscope: - version: -

Trust: 0.8

vendor:dahuamodel:dh-sd4xxxxxscope: - version: -

Trust: 0.8

vendor:dahuamodel:dh-sd5xxxxxscope: - version: -

Trust: 0.8

vendor:dahuamodel:dh-sd6xxxxxscope: - version: -

Trust: 0.8

vendor:dahuamodel:ipc-hx4x3xscope: - version: -

Trust: 0.8

vendor:dahuamodel:ipc-hx5x3xscope: - version: -

Trust: 0.8

vendor:dahuamodel:ipc-xxbxxscope: - version: -

Trust: 0.8

vendor:dahuamodel:nvr2xxx-4ks2scope: - version: -

Trust: 0.8

vendor:amcrestmodel:ip2m-841b 2.520.ac00.18.rscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-25804 // JVNDB: JVNDB-2019-007425 // NVD: CVE-2019-3948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3948
value: HIGH

Trust: 1.0

NVD: CVE-2019-3948
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-25804
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1485
value: HIGH

Trust: 0.6

VULHUB: VHN-155383
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-3948
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3948
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-25804
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-155383
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3948
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-25804 // VULHUB: VHN-155383 // VULMON: CVE-2019-3948 // JVNDB: JVNDB-2019-007425 // CNNVD: CNNVD-201907-1485 // NVD: CVE-2019-3948

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-155383 // JVNDB: JVNDB-2019-007425 // NVD: CVE-2019-3948

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1485

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1485

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007425

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2019-3948

PATCH
title:IP2M-841B (Black)url:https://amcrest.com/amcrest-1080p-wifi-video-security-ip-camera-pt.html
Trust: 0.8
title:Top Pageurl:http://www.dahuasecurity.com/
Trust: 0.8
title:AmcrestIP2M-841B authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/173073
Trust: 0.6
title:Amcrest IP2M-841B Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95601
Trust: 0.6
title:Gobyurl:https://github.com/retr0-13/Goby 
Trust: 0.1
title: - url:https://github.com/20142995/Goby 
Trust: 0.1
title:sec-daily-2019url:https://github.com/alphaSeclab/sec-daily-2019 
Trust: 0.1
title:Threatposturl:https://threatpost.com/trivial-bug-turns-home-security-cameras-into-listening-posts/146835/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25804 // 
            
            
            
            VULMON: CVE-2019-3948 // 
            
            
            
            JVNDB: JVNDB-2019-007425 // 
            
            
            
            CNNVD: CNNVD-201907-1485

EXTERNAL IDS
db:NVDid:CVE-2019-3948
Trust: 3.2
db:TENABLEid:TRA-2019-36
Trust: 2.6
db:PACKETSTORMid:153813
Trust: 1.8
db:JVNDBid:JVNDB-2019-007425
Trust: 0.8
db:CNNVDid:CNNVD-201907-1485
Trust: 0.7
db:EXPLOIT-DBid:47188
Trust: 0.7
db:CNVDid:CNVD-2019-25804
Trust: 0.6
db:VULHUBid:VHN-155383
Trust: 0.1
db:VULMONid:CVE-2019-3948
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25804 // 
            
            
            
            VULHUB: VHN-155383 // 
            
            
            
            VULMON: CVE-2019-3948 // 
            
            
            
            JVNDB: JVNDB-2019-007425 // 
            
            
            
            CNNVD: CNNVD-201907-1485 // 
            
            
            
            NVD: CVE-2019-3948

REFERENCES
url:http://packetstormsecurity.com/files/153813/amcrest-cameras-2.520.ac00.18.r-unauthenticated-audio-streaming.html
Trust: 3.0
url:https://www.tenable.com/security/research/tra-2019-36
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-3948
Trust: 2.0
url:https://us.dahuasecurity.com/wp-content/uploads/2019/08/cybersecurity_2019-08-02.pdf
Trust: 1.8
url:https://www.dahuasecurity.com/support/cybersecurity/details/627?us
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3948
Trust: 0.8
url:https://www.exploit-db.com/exploits/47188
Trust: 0.7
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/trivial-bug-turns-home-security-cameras-into-listening-posts/146835/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25804 // 
            
            
            
            VULHUB: VHN-155383 // 
            
            
            
            VULMON: CVE-2019-3948 // 
            
            
            
            JVNDB: JVNDB-2019-007425 // 
            
            
            
            CNNVD: CNNVD-201907-1485 // 
            
            
            
            NVD: CVE-2019-3948

CREDITS
Jacob Baines
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201907-1485

SOURCES
db:CNVDid:CNVD-2019-25804
db:VULHUBid:VHN-155383
db:VULMONid:CVE-2019-3948
db:JVNDBid:JVNDB-2019-007425
db:CNNVDid:CNNVD-201907-1485
db:NVDid:CVE-2019-3948

LAST UPDATE DATE
2024-11-23T22:51:43.811000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-25804date:2019-08-05T00:00:00
db:VULHUBid:VHN-155383date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-3948date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-007425date:2019-08-09T00:00:00
db:CNNVDid:CNNVD-201907-1485date:2020-08-25T00:00:00
db:NVDid:CVE-2019-3948date:2024-11-21T04:42:55.520

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-25804date:2019-08-05T00:00:00
db:VULHUBid:VHN-155383date:2019-07-29T00:00:00
db:VULMONid:CVE-2019-3948date:2019-07-29T00:00:00
db:JVNDBid:JVNDB-2019-007425date:2019-08-09T00:00:00
db:CNNVDid:CNNVD-201907-1485date:2019-07-29T00:00:00
db:NVDid:CVE-2019-3948date:2019-07-29T22:15:12.253