We weren’t able to track down an advisory from Amcrest, but Synopsys posted outlines of each on Bugtraq. The flawsĪccording to Threatpost, which spoke to the Synopsys researcher who uncovered the flaws, there are six vulnerabilities, now identified as CVE-2017-8226, CVE-2017-8227, CVE-2017-8228, CVE-2017-8229, CVE-2017-8230 and CVE-2017-13719. There are really three issues in play here – the nature and severity of the flaws, how users should go about updating the firmware to secure their cameras, and why it’s taken until 2019 for owners to hear about them. Ideally, these cameras need to be identified and patched as soon as possible. Those cameras are out there, an unknown number of which are in a vulnerable state that an attacker might identify using the Shodan search engine if they are configured to be accessible via the internet. The 721 family has since been superseded by newer designs, which doesn’t, of course, mean that the many thousands of people who bought the product will stop using it just because a researcher has turned up security issues.
This week, we learned that the camera had another less welcome characteristic in the form of six security flaws discovered back in 2017 by a researcher at security outfit Synopsys.
#AMCREST ONVIF PORT 720P#
Launched around 2015, it offers 720p HD quality, two-way audio, the ability to pan and tilt, night vision, rounded off with four hours of cloud storage for your video footage at no extra cost. Looking at the spec sheet, it’s not hard to understand why someone in search of an affordable but well-specified home security camera would choose the wireless IPM-721 series from US company Amcrest.