Amcrest
Amcrest is a Houston-based security camera and smart home brand selling IP cameras, NVRs, doorbells, and cloud storage services. Products are OEM'd from Chinese manufacturer Dahua with Amcrest firmware modifications. The company targets both consumer and small-business markets with affordable wired and wireless camera systems.
Score generated by AI agents based on publicly cited evidence and reviewed by the project maintainer. Not independently validated.
Score History
Timeline events are AI-curated from public reporting. Score trajectory is derived from documented events.
Amcrest operated as the US arm of Foscam, distributing affordable IP cameras to the North American market. The product was straightforward hardware with minimal cloud services, and competitive concerns were low. Governance was informal as a small startup, but there were no major regulatory or security issues yet.
After severing ties with Foscam Shenzhen, Amcrest rebranded and partnered with Dahua as its OEM supplier. This gave Amcrest access to a broader product line but tied the company's fate to a manufacturer that would soon face serious regulatory scrutiny. The Amcrest Cloud service launched, introducing subscription revenue alongside hardware sales. Internal governance remained lean with cost minimization evident.
A cascade of security and regulatory problems hit Amcrest. Six critical CVEs with CVSS scores up to 10.0 were publicly disclosed after Amcrest delayed notifying users for 18 months. The NDAA banned Dahua products from federal procurement, and the Commerce Department added Dahua to the Entity List over its role in Uyghur surveillance. Amcrest's opacity about its Dahua relationship became a competitive conduct liability.
The FCC banned Dahua from new equipment authorizations, creating existential uncertainty for Amcrest's product pipeline. Cloud subscription monetization intensified with two separate platforms (Smart Home and Link) using different pricing tiers. Dark patterns emerged around cloud trial auto-conversion and punitive account deletion. The Intercept's expose of illegal military sales and CISA's KEV listing of Amcrest vulnerabilities cemented the company's regulatory baggage.
Amcrest's user experience continued deteriorating as the app ecosystem fragmented to five separate applications with no unification plan. Push notifications broke for iOS users in October 2024, and the replacement View Pro 2 app was widely criticized. The DC Circuit upheld the FCC's Dahua ban, and the company's Trustpilot rating sank to 1.3/5 stars. Glassdoor reviews revealed a toxic workplace culture with nepotism, PTO clawback policies, and employee surveillance.
Alternatives
Open-source home automation platform that can integrate with any ONVIF-compatible camera (including existing Amcrest hardware). Eliminates dependency on any single vendor's cloud or app. Hard switch — requires technical setup and a local server, but provides maximum privacy and control.
Budget-friendly cameras with better AI detection, a unified app, and no subscription required for local storage. Supports local NVR and optional cloud. Easy switch — similar DIY setup approach. Not fully ONVIF compatible, which limits third-party NVR options compared to Amcrest.
Ultra-affordable cameras starting under $30 with a clean app experience and Alexa/Google integration. Free local storage via microSD. Optional Cam Plus subscription ($2/month) adds AI detection. Best for casual users who want simple setup, though build quality is basic.
Dimensional Breakdown
Summaries below were written by AI agents based on the cited evidence. They are editorial interpretations, not independent research findings.
Dimension History
Timeline (29 events)
Amcrest Technologies Founded in Houston, Texas
Amcrest Technologies was founded in Houston by Abdurahman Ravat, the same entrepreneur behind Foscam Digital Technologies US. The company initially operated as the US arm of Foscam, distributing Chinese-manufactured IP cameras to the North American consumer market.
Foscam US Splits, Rebrands as Amcrest, Partners with Dahua
After Foscam Shenzhen allegedly began undercutting its US distributor, Foscam US severed ties and rebranded as Amcrest Technologies. The company switched its OEM supplier from Foscam to Dahua, a Chinese manufacturer that would later face US government sanctions. This established the Dahua dependency that defines Amcrest's regulatory risk profile.
Amcrest Forum Users Report Software Quality as 'Amazingly Bad'
Early Amcrest forum posts documented persistent firmware instability, with users describing the software as 'amazingly bad.' Web interface plugins failed across multiple browsers (Safari, Chrome, Firefox, IE), cameras randomly rebooted after firmware updates, and NVR connectivity dropped regularly. These issues persisted without fixes for years, reflecting the consequences of outsourcing software development to a China-based team with limited responsiveness to the US customer base.
Six Critical Security Vulnerabilities Discovered in Amcrest Cameras
Security researcher Mandar Satam at Synopsys discovered six vulnerabilities in the Amcrest IPM-721S camera, including CVE-2017-13719 (CVSS 10.0, unauthenticated memory corruption) and CVE-2017-8229 (CVSS 9.8, unauthenticated credential disclosure). The most severe bugs allowed complete remote takeover of cameras by unauthenticated attackers. Amcrest was slow to address the flaws, taking over 18 months before publicly acknowledging them.
F-Secure Discloses 18 Vulnerabilities in Foscam Cameras
Finnish security firm F-Secure publicly disclosed 18 vulnerabilities in Foscam cameras, including hard-coded passwords, blank file-transfer credentials, hidden Telnet access, and a non-functional firewall. Because Amcrest cameras share the same hardware lineage through Foscam's OEM origins, the disclosure highlighted systemic security weaknesses across the product family. Foscam never responded to the researchers or issued patches.
Amcrest NVR Ecosystem Creates Hardware-Level Lock-in for Multi-Camera Users
As Amcrest expanded its NVR product line under the Dahua rebrand, users who invested in Amcrest NVRs found themselves locked into the ecosystem. Third-party cameras connected via ONVIF often lost motion detection recording functionality, and Amcrest recommended against using non-Amcrest cameras with their NVRs. The proprietary port 37777 interface added a non-standard layer that limited full interoperability, despite ONVIF marketing claims.
Glassdoor Review Warns 'Avoid This Place' Citing Nepotism and Low Pay
An Amcrest Industries employee posted a Glassdoor review titled 'Avoid this place if you can,' describing the company as 'unorganized, shady and full of nepotism.' The review cited no advancement opportunities, low pay, and a practice of docking compensation when employees took unpaid time off for medical appointments. The highest-paid employees were reportedly related to the CEO, and HR was described as 'so deep in the company pockets that your issues are not heard.'
Sophos Publicly Reports Amcrest Camera Critical Flaws After 18-Month Delay
Sophos News published a detailed report on the six Amcrest IPM-721S CVEs originally discovered in 2017, noting that Amcrest had known about the flaws for at least 18 months. Amcrest had quietly released patched firmware but delayed telling owners about the security implications 'to give users time to update' — leaving many devices exposed during the delay window.
NDAA Section 889 Bans Dahua Products from Federal Government
The 2019 National Defense Authorization Act Section 889 took effect, barring all federal agencies from procuring or using video surveillance equipment produced by Dahua or Hikvision, including OEM rebrands. Because Amcrest products are Dahua OEMs, they became ineligible for any federal government sale — though Amcrest continued selling on Amazon and other channels where government agencies could still purchase them.
US Commerce Department Adds Dahua to Entity List Over Uyghur Surveillance
The US Department of Commerce added Dahua Technology to the Entity List for its role in China's surveillance and detention campaign against Uyghur Muslims in Xinjiang. Dahua had won nearly $1 billion in Xinjiang police surveillance contracts, building and operating surveillance stations with facial recognition systems configured to send 'real-time Uyghur warnings' to police. The listing barred Dahua from purchasing US components without government approval.
Employees Report Forced Multi-Role Work and Below-Market Compensation
Indeed and Glassdoor reviews from this period consistently cited Amcrest's practice of hiring employees for specific roles (e.g., testing) then requiring them to assist with labor-intensive shipping duties without additional compensation. Multiple reviews noted pay well below regional Houston averages, minimal raises even when requested, and only 14 days of PTO after the first year. The lean operation kept costs low but contributed to high turnover and poor software quality.
Amcrest Buffer Overflow Vulnerability CVE-2020-5735 Disclosed
Tenable discovered a stack-based buffer overflow vulnerability (CVE-2020-5735) in Amcrest cameras and NVRs through port 37777. The vulnerability allows remote attackers to crash devices and potentially execute arbitrary code. Tenable verified the issue on the Amcrest IP2M-841 and 1080-Lite 8CH, and noted the same vulnerability likely affects other Dahua-based devices.
Tenable Finds Brute Force Vulnerability on Port 37777 Across 1.3M Devices
Tenable's extended research on the port 37777 interface revealed that there were no restrictions on login attempts, enabling brute force attacks. The same proprietary Dahua port was found on approximately 1.3 million devices via Shodan, meaning the vulnerability affected a massive installed base of Amcrest and Dahua cameras worldwide.
Amcrest Cloud Trial Auto-Converts to Paid Plan Requiring Credit Card
Amcrest's Smart Home cloud plans required a credit card for the free trial, which automatically converted to a $1.99/month paid subscription after one year. The conversion terms were buried in support documentation rather than prominently displayed during sign-up. The free tier itself was functionally crippled with 12-second recording limits and 7-minute cooldowns between events, making it inadequate for actual security monitoring and steering users toward paid plans.
Intercept Exposes Amcrest Cameras Illegally Sold to US Military
The Intercept, working with IPVM, reported that Amcrest-branded cameras (rebranded Dahua DVRs) were sold to the US Army through contractor Global Data Center in September 2020, violating NDAA Section 889 sanctions. IPVM analysis confirmed the Amcrest AMDV10814-1TB-C was an identical rebrand of the Dahua XVR4104. When contacted, Amcrest would not confirm its Dahua manufacturing relationship.
Account Closure Policy Deletes Camera Configurations on Non-Payment
Users reported that when Amcrest closed accounts for non-payment of cloud subscriptions, the company deleted not just cloud recordings but all camera configuration settings. Since camera setups take significant user effort but consume trivial server storage, the practice was widely criticized as punitive. Users who stopped paying cloud fees lost their device names, notification settings, and recording schedules, forcing reconfiguration from scratch if they resumed service.
CISA Adds CVE-2020-5735 to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) added the Amcrest/Dahua buffer overflow vulnerability CVE-2020-5735 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. Federal agencies were required to remediate the vulnerability, further highlighting the security risks of Amcrest's Dahua-derived firmware.
President Biden Signs Secure Equipment Act Targeting Dahua
President Biden signed the Secure Equipment Act of 2021, directing the FCC to ban new equipment authorizations for companies on the Covered List, including Dahua. The law required the FCC to adopt implementing rules by November 2022, setting the stage for broader restrictions on Amcrest's OEM supplier beyond the existing NDAA procurement ban.
Amcrest Introduces Second Cloud Platform, Fragmenting User Experience
Amcrest launched the Amcrest Link app and cloud platform alongside the existing Smart Home cloud, creating two separate subscription services with different pricing tiers, different camera compatibility, and different feature sets. Users had to determine which platform their camera supported, with no unified dashboard or account. The pricing confusion was compounded by the existing Amcrest Cloud app, bringing the total to three separate cloud-related apps.
FCC Bans Dahua from New Equipment Authorizations
The FCC voted unanimously to ban new equipment authorizations for Dahua, Hikvision, Huawei, ZTE, and Hytera, implementing the Secure Equipment Act. No new Dahua-produced equipment could receive FCC authorization, making new Dahua hardware effectively illegal to sell in the US. Models authorized before November 2022 remained grandfathered, but the FCC signaled it might revoke existing authorizations in the future.
Activists Call for Complete Ban on Dahua and Hikvision Products
Human rights activists and organizations including the Uyghur Human Rights Project called for a complete ban on all Dahua and Hikvision products in the US, not just restrictions on new authorizations. The campaign highlighted Dahua's ongoing role in Uyghur surveillance, with research documenting how Dahua cameras were configured to trigger racial profiling alerts in Xinjiang. This intensified scrutiny of downstream resellers like Amcrest.
Open Letter on Amcrest Forum Documents Years of Software Neglect
An Amcrest forum user published an open letter detailing systemic software quality failures: non-functional web viewers across all browsers, cameras disappearing from NVRs after reboots, and firmware updates that broke existing functionality. The letter noted that identical issues had been reported by other users for years without resolution. As of 2023, users reported zero meaningful improvements to the apps in over six years.
SafeWise Review Describes Amcrest Cloud as Convoluted and Overpriced
SafeWise's 2023 security camera review described Amcrest's cloud pricing as one of the most convoluted and expensive schemes among consumer security camera brands. With multiple cloud platforms charging $1.99-$12.99 per camera per month and different pricing tiers depending on which app and camera model a user had, the review noted that competing brands like Wyze offered cleaner subscription models at lower prices. The complexity disproportionately affected multi-camera customers.
Remote Access Outage Affects Amcrest iPhone Users on AT&T
Around December 2023, remote access stopped working for Amcrest camera users with iPhones on the AT&T network. Amcrest acknowledged the issue as a known problem but offered no timeline for resolution. Customers with $2,000+ invested in Amcrest hardware reported being unable to monitor their cameras remotely, undermining the core value proposition of the security camera system.
Court Upholds FCC Ban on Dahua Equipment Authorizations
The US Court of Appeals for the DC Circuit denied Dahua's and Hikvision's appeal against the FCC equipment authorization ban, ruling that Congress intended the ban and that the companies could not challenge their placement on the Covered List. The court instructed the FCC to narrow its definition of 'critical infrastructure' but affirmed the core ban. Amcrest's OEM supplier remained barred from new US equipment authorizations.
Amcrest Launches View Pro 2 App as Fragmentation Deepens
Amcrest released View Pro 2, a replacement for the original View Pro app. Rather than updating the existing app, Amcrest created an entirely new application, bringing the total number of separate Amcrest apps to five (View Pro, View Pro 2, Smart Home, Cloud, and Link). Users described the new app as 'insanely inadequate,' and the transition caused widespread confusion about which app to use for which camera model.
Customer Charged After Cancellation, Account Cannot Be Located
A Trustpilot reviewer reported that Amcrest continued charging their account after cancelling their cloud subscription, and when they contacted support, Amcrest could not locate their account despite years of recorded payments. The incident exemplifies the dark pattern of making cancellation unreliable while subscription billing continues automatically.
Push Notifications Break for View Pro Users Across iOS
Starting around October 17, 2024, push notifications stopped working for Amcrest View Pro users on iOS. Users with 8-camera systems that had worked for years suddenly lost all alerts. Amcrest support confirmed the issue was on their side, but the fix required switching to the newer View Pro 2 app, which many users found inadequate. The failure affected a core security feature — motion detection alerts — for an indeterminate number of users.
MakeUseOf Names Amcrest as Camera Brand to Avoid
MakeUseOf published a review article identifying Amcrest as 'the one security camera I don't recommend to anyone,' citing the fragmented five-app ecosystem as the primary reason. The article noted that users must determine which of five separate apps works with their specific camera model — with no unified platform in sight. The negative press represented growing mainstream media recognition of Amcrest's UX failures.