Known Vulnerabilities for products from Amcrest

Listed below are 11 of the newest known vulnerabilities associated with the vendor "Amcrest".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Amcrest can be found at device.report : Amcrest

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2020-7222 json An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaS... 5.3 - MEDIUM 2020-01-18 2020-01-29
CVE-2020-5736 json Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. An authenticated remote attacker can ab... 6.5 - MEDIUM 2020-04-08 2020-04-09
CVE-2020-5735 json Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can... 8.8 - HIGH 2020-04-08 2020-04-09
CVE-2019-3948 json The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, D... 7.5 - HIGH 2019-07-29 2020-08-24
CVE-2018-16546 json Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remo... 5.9 - MEDIUM 2018-09-05 2019-10-03
CVE-2017-13719 json The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various funct... 9.8 - CRITICAL 2019-07-03 2019-07-17
CVE-2017-8230 json On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". ... 8.8 - HIGH 2019-07-03 2019-07-11
CVE-2017-8229 json Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentia... 9.8 - CRITICAL 2019-07-03 2019-07-11
CVE-2017-8228 json Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does n... 8.8 - HIGH 2019-07-03 2019-07-11
CVE-2017-8227 json Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password ... 9.8 - CRITICAL 2019-07-03 2019-07-11
CVE-2017-8226 json Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be ext... 9.8 - CRITICAL 2019-07-03 2019-07-11

Known software with vulnerabilities from Amcrest

Type Vendor Product Version
HardwareAmcrest1080-lite 8ch-
Operating
System		Amcrest1080-lite 8ch Firmware-
Operating
System		AmcrestAmcrest Ipc-hx1x3x-lexus Eng N Amcrestv2.420.ac01.3.r.20180206
HardwareAmcrestAmdv10814-h5-
Operating
System		AmcrestAmdv10814-h5 Firmware-
HardwareAmcrestIp2m-841-
HardwareAmcrestIp2m-841-v3-
Operating
System		AmcrestIp2m-841-v3 Firmwarev2.800.0000000.6.r.200314
Operating
System		AmcrestIp2m-841 Firmwarev2.420.ac00.18.r.20200217
HardwareAmcrestIp2m-853ew-
Operating
System		AmcrestIp2m-853ew Firmwarev2.623.00ac004.0.r.200316
HardwareAmcrestIp2m-858w-
Operating
System		AmcrestIp2m-858w Firmwarev2.623.00ac004.0.r.200316
HardwareAmcrestIp2m-866ew-
Operating
System		AmcrestIp2m-866ew Firmwarev2.623.00ac004.0.r.200316
HardwareAmcrestIp2m-866w-
Operating
System		AmcrestIp2m-866w Firmwarev2.623.00ac004.0.r.200316
HardwareAmcrestIp4m-1053ew-
Operating
System		AmcrestIp4m-1053ew Firmwarev2.623.00ac004.0.r.200316
HardwareAmcrestIp8m-2454ew-
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report