PT-2019-8609 · Amcrest · Amcrest Ipm-721S

Mandar Satam · Published 2019-07-03 · Updated 2019-07-11 · CVE-2017-8227

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Amcrest IPM-721S version V2.420.AC00.16.R.20160909

Description

The issue is a brute force attack vulnerability. When 30 incorrect password attempts are detected on the Web and HTTP API interfaces, a 5-minute timeout policy is enforced. However, this policy is not applied when the same brute force attempt is made through the ONVIF specification, which allows an attacker to circumvent account protection and brute force credentials. The vulnerable function is located in the "sonia" binary, which performs the credential checks for the ONVIF specification. The binary is in ARM little-endian format. The function at address 00671618 parses the WSSE security token header, and the sub 603D8 function performs the authentication check. If authentication fails, control passes to the sub 59F4C function, which prints "Sender not authorized."

Recommendations

For Amcrest IPM-721S version V2.420.AC00.16.R.20160909, as a temporary workaround, consider disabling the ONVIF specification until a patch is available, to prevent brute force attacks. Restrict access to the "sonia" binary to minimize the risk of exploitation. Avoid using the ONVIF specification in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
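
The policy gap described above, modelled as an added example (not Amcrest firmware code and not part of the original advisory): one lockout counter using the advisory's 30-attempt and 5-minute values, enforced either on the Web and HTTP API interfaces only or on ONVIF as well. The class, function and interface names are assumptions made for illustration.

```python
import time

MAX_FAILURES = 30         # failed attempts before lockout (value from the advisory)
LOCKOUT_SECONDS = 5 * 60  # 5-minute timeout (value from the advisory)

class LockoutPolicy:
    """Illustrative model: per-account failure counter shared by all interfaces.

    Interface labels ("web", "http_api", "onvif") are assumed names.
    """

    def __init__(self, enforced_interfaces, clock=time.monotonic):
        self.enforced = set(enforced_interfaces)
        self.clock = clock
        self.failures = {}      # account -> consecutive failed attempts
        self.locked_until = {}  # account -> clock value when the lockout ends

    def attempt(self, interface, account, password_ok):
        """Return 'locked', 'ok' or 'denied' for one authentication attempt."""
        now = self.clock()
        enforced = interface in self.enforced
        if enforced and self.locked_until.get(account, 0) > now:
            return "locked"  # rejected before the credential check runs
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        if enforced:
            self.failures[account] = self.failures.get(account, 0) + 1
            if self.failures[account] >= MAX_FAILURES:
                self.locked_until[account] = now + LOCKOUT_SECONDS
                self.failures[account] = 0
        return "denied"

def checked_guesses(policy, interface, account, wrong_attempts):
    """Count how many wrong attempts reached the credential check."""
    results = (policy.attempt(interface, account, False) for _ in range(wrong_attempts))
    return sum(r == "denied" for r in results)

if __name__ == "__main__":
    gap = LockoutPolicy({"web", "http_api"})             # behaviour in the advisory
    fixed = LockoutPolicy({"web", "http_api", "onvif"})  # ONVIF shares the counter
    for name, policy in (("gap", gap), ("fixed", fixed)):
        print(name, "web:", checked_guesses(policy, "web", "admin", 1000),
              "onvif:", checked_guesses(policy, "onvif", "admin", 1000))
```

With ONVIF outside the enforced set, every attempt on that interface reaches the credential check even while the same account is locked on the Web interface; with ONVIF included, the check is reached at most 30 times per 5-minute window regardless of interface.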

Related Identifiers

CVE-2017-8227

Affected Products

Amcrest Ipm-721S