{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12984", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-12-27T07:49:43.408Z", "datePublished": "2024-12-27T14:31:05.483Z", "dateUpdated": "2024-12-27T14:53:46.976Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-12-27T14:31:05.483Z"}, "title": "Amcrest IP2M-841B Web Interface webCapsConfig information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "Amcrest", "product": "IP2M-841B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IP2M-841W", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP2M-841B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP3M-943B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP3M-943S", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP3M-HX2B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IPM-721S", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S bis 20241211 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /web_caps/webCapsConfig der Komponente Web Interface. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-12-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-12-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-12-27T08:54:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "netsecfish (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.289377", "name": "VDB-289377 | Amcrest IP2M-841B Web Interface webCapsConfig information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.289377", "name": "VDB-289377 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.461109", "name": "Submit #461109 | Amcrest IP2M-841W, IPC-IP3M-HX2B, IPC-IP2M-841B, IPC-IPM-721S, IPC-IP3M-943B, IPC-IP3M-943S, IP2M-841B N/A Information Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-27T14:53:30.364152Z", "id": "CVE-2024-12984", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-27T14:53:46.976Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12984", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-12-27T07:49:43.408Z", "datePublished": "2024-12-27T14:31:05.483Z", "dateUpdated": "2024-12-27T14:53:46.976Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-12-27T14:31:05.483Z"}, "title": "Amcrest IP2M-841B Web Interface webCapsConfig information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "Amcrest", "product": "IP2M-841B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IP2M-841W", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP2M-841B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP3M-943B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP3M-943S", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IP3M-HX2B", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}, {"vendor": "Amcrest", "product": "IPC-IPM-721S", "versions": [{"version": "20241211", "status": "affected"}], "modules": ["Web Interface"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S bis 20241211 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /web_caps/webCapsConfig der Komponente Web Interface. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-12-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-12-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-12-27T08:54:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "netsecfish (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.289377", "name": "VDB-289377 | Amcrest IP2M-841B Web Interface webCapsConfig information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.289377", "name": "VDB-289377 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.461109", "name": "Submit #461109 | Amcrest IP2M-841W, IPC-IP3M-HX2B, IPC-IP2M-841B, IPC-IPM-721S, IPC-IP3M-943B, IPC-IP3M-943S, IP2M-841B N/A Information Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4", "tags": ["exploit"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12984", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-27T14:53:30.364152Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-27T14:53:42.517Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2024-12984", "lastModified": "2024-12-27T15:15:11.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-12-27T15:15:11.957", "references": [{"source": "cna@vuldb.com", "url": "https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.289377"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.289377"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.461109"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}