Amcrest Camera Security Issues Solved

Goprocamera27, April 19, 2026

Amcrest camera security issues are not just theoretical—they’re real, widespread, and actively exploited. Despite their popularity for home and small business surveillance, Amcrest IP cameras have long been flagged for critical firmware vulnerabilities, unauthorized outbound connections, and insecure default settings that leave users exposed. With multiple CVE-listed exploits, persistent telemetry to third-party servers, and design flaws like unencrypted ONVIF traffic, these devices can become entry points for hackers if not properly secured.

You might assume your camera is safe because it’s behind a firewall or not port-forwarded—but Amcrest devices often phone home to AWS and other external domains, sometimes even to suspicious IPs in Russia and Ukraine. Worse, many users unknowingly run outdated firmware with remote code execution flaws like CVE-2020-5735, which CISA lists as actively exploited. This guide breaks down every known security risk and gives you actionable steps to lock down your system before it’s too late.

Block Unauthorized Outbound Connections to External Servers

Amcrest cameras frequently attempt to connect to remote servers—even when cloud features are disabled. These connections may support P2P access or firmware updates, but their persistence and lack of transparency raise serious privacy and security concerns.

Stop Daily Beaconing to AWS Cloud Domains

Multiple users report constant outbound HTTPS (port 443) traffic to domains hosted on Amazon AWS infrastructure:

- amcrestcloud.com
- amcrestview.com
- p2p.amcrestview.com
- config-amcrestcloud-com/54/157/249/9 (IP: 54.157.249.9)

These domains enable P2P remote viewing, cloud storage, and device configuration syncing. Even with P2P and cloud access turned off in the UI, cameras may continue connecting for up to two hours—or indefinitely in some cases.

Red Flag: One user logged 3 million outbound requests per day after blocking these domains at the firewall—proof that the camera retries aggressively.

Why This Matters

Persistent outbound traffic can:

- Expose your network topology
- Leak device status and uptime
- Serve as a side-channel for attackers monitoring beacon patterns

Action Step: Block all non-essential domains at your router or firewall.

Allow Only Legitimate NTP Time Sync

Connections to clock.isc.org (port 123 UDP) are normal—used for accurate time synchronization, which is critical for timestamping recordings and forensic review.

However, allowing unrestricted outbound access just for NTP is risky. Best practice: whitelist only NTP traffic and block everything else.

Pro Tip: Use a local NTP server (e.g., on a Pi-Hole or NAS) to reduce external exposure.

Investigate Suspicious IPs in Russia and Ukraine

Some network logs show Amcrest cameras attempting to reach IPs in Kyiv (134.249.145.106) and Moscow (84.42.59.244). While not confirmed as malicious, these connections:

- Are not documented by Amcrest
- May indicate use of third-party P2P relays
- Could signal DNS hijacking or compromised firmware

Defense Strategy: Treat any undocumented outbound connection as suspicious. Block these IPs and monitor logs for recurrence.

Patch Critical Firmware Vulnerabilities Immediately

Unpatched firmware is the #1 reason Amcrest cameras get hacked. Several publicly known CVEs allow full device takeover—yet patches are not automatically pushed and often not available on the public download page.

Fix CVE-2020-5735: Remote Code Execution Vulnerability

- Risk: Buffer overflow allows remote code execution
- Status: Listed in CISA’s Known Exploited Vulnerabilities Catalog
- Affected: Multiple Amcrest IP camera models
- Patch Availability: Only via support ticket

Warning: Downloading the “latest” firmware from Amcrest’s website does not guarantee this CVE is fixed.

How to Get the Patch

1. Locate your model and serial number
2. Contact Amcrest support directly
3. Request firmware with CVE-2020-5735 fix
4. Verify patch version before flashing

Pro Tip: After updating, perform a factory reset to clear any hidden configurations that could persist post-update.

Prevent Admin Credential Leaks (CVE-2017-8229)

- Model: IPM-721S
- Flaw: Admin credentials exposed via unauthenticated HTTP GET
- Attack Method: http://[camera-ip]/[config-file-path]
- Result: Full admin access—no password needed

Mitigation: Update firmware immediately. Never expose camera to the internet.

Stop Remote Code Execution via Base64 Password Exploit (CVE-2017-13719)

- CVSS Score: 10.0 (maximum severity)
- Exploit: Send 1,024-character Base64 password in Authorization header
- Result: Memory corruption → device takeover

Defense: Apply firmware patch. Strong passwords won’t stop this exploit if unpatched.

Disable Insecure Default Settings That Invite Attacks

Amcrest cameras ship with security turned off by default. If you haven’t manually hardened your device, it’s likely vulnerable.

Change Default Passwords Immediately

Default credentials (admin/admin) are public knowledge. Brute-force attacks scan the web for these daily.

Reality vs. Amcrest’s Warning

Amcrest warns users: “Never use the default password. Always use lowercase, uppercase, and numbers.” In reality:

- No forced password change on first login
- No lockout after failed attempts (on some models)
- Users skip updates and leave defaults

Fix: Immediately set a 12+ character password with mixed case, numbers, symbols.

Turn Off P2P Access to Prevent Remote Hijacking

P2P allows remote viewing without port forwarding—but it’s a major risk.

Why P2P Is Dangerous

- Enabled by default
- Requires only QR code or serial number to link
- If someone photographs your camera’s label, they can add it to their cloud account

Real Incident: A user noticed someone taking a photo of their Amcrest QR code—likely for remote exploitation.

How to Disable P2P

1. Log into camera web UI
2. Go to Network Settings > P2P
3. Set P2P Enable = No
4. Save and reboot
5. Wait up to 2 hours for beaconing to stop

Best Practice: Also block amcrestview.com and easy4ipcloud.com at the firewall.

Secure ONVIF and Authentication Flaws

ONVIF is essential for third-party integrations (e.g., Home Assistant, Synology), but Amcrest implements it insecurely.

ONVIF Runs Over Unencrypted HTTP (Port 80)

- No HTTPS support for ONVIF service
- Credentials and video metadata are sent in plain text
- Anyone on your network can sniff ONVIF traffic and extract login details

Workaround

- Use VLAN segmentation
- Restrict ONVIF access to trusted devices only
- Never run ONVIF over untrusted networks

Only Admin User Works with ONVIF

Even users with full permissions fail to authenticate via ONVIF unless username is admin.

Verified Issues

- Home Assistant integration fails with non-admin users
- Onvifer app requires admin login
- GitHub issue #39638 confirms the flaw

Security Impact: You must use admin credentials in third-party apps—increasing exposure if the app is compromised.

Fix Password Truncation and Input Flaws

Amcrest’s web interface silently breaks long passwords—leading to confusion and lockouts.

Passwords Are Silently Truncated to 16 Characters

- Input form accepts long passwords
- Backend truncates to 16 characters without warning
- maxlength attribute differs between setup and login

User Experience: A 20-character password works during setup but fails after reboot.

How to Avoid

- Manually test password length
- Use 16 characters or fewer if possible
- Avoid relying on password managers that generate overly long strings

No Brute-Force Protection on Some Models

Some Amcrest models lack account lockout after failed logins.

Exploit Risk: Automated tools can guess weak passwords indefinitely.

Mitigation

- Use strong, unique passwords
- Enable IP filtering if supported
- Monitor logs for repeated login attempts

Avoid Cameras with Huawei/HiSilicon Chips

Hardware origin matters.
Some Amcrest models use HiSilicon SoCs—a major red flag due to Huawei ties and U.S. government bans.

AD110 Doorbell Uses Huawei Hi3516C Chip

- Chipset: HiSilicon Hi3516C V200
- Subject to NDAA compliance ban
- Prohibited in U.S. government systems

Detection Command:

    http://<camera-ip>/cgi-bin/magicBox.cgi?action=getSystemInfo

Look for:

    Processor: HiSilicon
    Firmware Version: ...

Most Amcrest Cams Are Rebranded Dahua

- Manufactured by Foscam, but many share firmware with Dahua
- Use similar HiSilicon or Ambarella chipsets
- Same vulnerabilities often apply across brands

Recommendation: Avoid any camera with HiSilicon processor—especially for business or government use.

Harden Your Network Immediately

You can’t fix Amcrest’s firmware overnight—but you can control the network.

Segment Cameras on a VLAN

- Create a dedicated VLAN for all cameras
- Block all inbound and outbound WAN traffic
- Allow only NTP (port 123) and local NVR access

Tools: Use Firewalla Gold, OpenWRT, or enterprise routers (e.g., UniFi, pfSense)

Block Telemetry Domains at Firewall

Add these to your firewall block list:

- amcrestcloud.com
- amcrestview.com
- easy4ipcloud.com
- p2p.amcrestview.com
- config-amcrestcloud-com

Note: Some telemetry uses direct IPs—use DNS sinkholing (e.g., Pi-Hole) for additional protection.

Use VPN Instead of P2P or Port Forwarding

Never expose your camera to the internet directly.

Why You Should Avoid Port Forwarding

- Opens direct access to your LAN
- Bypasses all internal security
- Makes you a target for automated scanners

Secure Remote Access via VPN

Recommended Setup

1. Install WireGuard or OpenVPN on your router or home server
2. Assign cameras static IPs
3. Connect remotely via encrypted tunnel
4. Access web UI or NVR securely

User Example: 22 Amcrest cameras behind a firewall—only accessible via inbound VPN, no P2P, no port forwarding.
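
To check that the "NTP and local NVR only" policy from the VLAN and block-list sections actually holds, you can audit the firewall's flow log for the camera VLAN. The script below is an added example, not code from the original article or from Amcrest: the VLAN addressing, the NVR and NTP addresses, the CSV log layout and the sample rows are all assumptions constructed for illustration.

```python
import csv, io, ipaddress
from collections import Counter

# Assumed addressing for the camera VLAN (not from the article).
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
NVR_IP = ipaddress.ip_address("192.168.50.2")   # local NVR
NTP_IP = ipaddress.ip_address("192.168.50.1")   # local NTP server
# Domains the article lists for the firewall block list.
VENDOR_DOMAINS = ("amcrestcloud.com", "amcrestview.com", "easy4ipcloud.com")
FIELDS = ["time", "src", "dst", "proto", "dport", "name"]

# Constructed sample flow log; name is the DNS name resolved for dst, if any.
SAMPLE_LOG = """\
2026-04-19T10:00:01,192.168.50.11,192.168.50.1,udp,123,
2026-04-19T10:00:02,192.168.50.11,192.168.50.2,tcp,554,
2026-04-19T10:00:03,192.168.50.11,203.0.113.10,tcp,443,p2p.amcrestview.com
2026-04-19T10:00:04,192.168.50.11,203.0.113.10,tcp,443,p2p.amcrestview.com
2026-04-19T10:00:05,192.168.50.11,203.0.113.10,tcp,443,p2p.amcrestview.com
2026-04-19T10:00:06,192.168.50.12,198.51.100.7,udp,123,clock.isc.org
2026-04-19T10:00:07,192.168.50.12,134.249.145.106,tcp,443,
2026-04-19T10:00:08,192.168.1.20,203.0.113.10,tcp,443,amcrestview.com
"""

def classify(row):
    """Label one flow against the 'NTP and local NVR only' policy."""
    src = ipaddress.ip_address(row["src"])
    dst = ipaddress.ip_address(row["dst"])
    if src not in CAMERA_NET:
        return None                       # not a camera: out of scope
    ntp = row["proto"] == "udp" and row["dport"] == "123"
    if dst == NVR_IP or (dst == NTP_IP and ntp):
        return "allowed"
    name = row["name"].lower().rstrip(".")
    if any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS):
        return "vendor-telemetry"         # on the article's block list
    if ntp:
        return "external-ntp"             # legitimate, but move to local NTP
    return "undocumented"                 # treat as suspicious, investigate

def audit(log_text):
    """Count policy violations per (camera, destination, label)."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        label = classify(row)
        if label not in (None, "allowed"):
            hits[(row["src"], row["name"] or row["dst"], label)] += 1
    return hits.most_common()             # noisiest beacons first

if __name__ == "__main__":
    for (camera, dest, label), count in audit(SAMPLE_LOG):
        print(f"{camera} -> {dest}: {label} x{count}")
```

A high count against a blocked vendor domain is the retry behaviour described earlier; an "undocumented" row with no DNS name is a direct-IP connection that a DNS sinkhole alone would not stop.
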

Final Checklist: Secure Your Amcrest System

✅ Never expose camera to internet
✅ Disable P2P in Network Settings
✅ Block outbound domains at firewall
✅ Segment cameras on dedicated VLAN
✅ Use VPN for remote access
✅ Contact support for CVE patches
✅ Change default password—use 12+ chars
✅ Avoid Huawei/HiSilicon chip models
✅ Monitor logs for suspicious connections
✅ Replace with Axis or UniFi for critical use

Bottom Line: Amcrest cameras are affordable but insecure by default. They require aggressive network hardening to be safe. If you can’t implement VLANs, firewall rules, and manual firmware updates, choose a more secure brand. Your privacy depends on it.