Hardcoded SSL Private Key Issue in Amcrest Networked Devices
CVE-2018-16546

5.9MEDIUM

Key Information:

Vendor: Amcrest
Status: Amcrest Ipc-hx1x3x-lexus Eng N Amcrest
Vendor: CVE Published:; 5 September 2018

What is CVE-2018-16546?

Amcrest networked devices have a security flaw that involves the use of a hardcoded SSL private key shared across different installations. This issue allows remote attackers to bypass encryption and cryptographic protections by exploiting knowledge of the common key used by multiple customers, seriously compromising the security of affected devices.

References

https://seclists.org/bugtraq/2018/Sep/6

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 5, 2018