CVE-2024-12984

Summary

A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
AmcrestIP2M-841B20241211affected
AmcrestIP2M-841W20241211affected
AmcrestIPC-IP2M-841B20241211affected
AmcrestIPC-IP3M-943B20241211affected
AmcrestIPC-IP3M-943S20241211affected
AmcrestIPC-IP3M-HX2B20241211affected
AmcrestIPC-IPM-721S20241211affected

Weaknesses

  • CWE-200: Information Disclosure
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References