CVE-2018-16546

Published: Sep 5, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.

Affected (1)

Products: Amcrest: Amcrest Ipc Hx1x3x Lexus Eng N Amcrest

1 product

Amcrest Ipc Hx1x3x Lexus Eng N Amcrest

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Amcrest Amcrest Ipc Hx1x3x Lexus Eng N Amcrest	Version v2.420.ac01.3.r.20180206

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://seclists.org/bugtraq/2018/Sep/6

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2018/Sep/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.