MEDIUM · 5.9

CVE-2018-16546

Vulnerability Description

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.

CVSS Score

5.9 (MEDIUM)

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Amcrest | Amcrest Ipc-Hx1X3X-Lexus Eng N Amcrest | v2.420.ac01.3.r.20180206

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-16546?

CVE-2018-16546 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging kn...

How severe is CVE-2018-16546?

CVE-2018-16546 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2018-16546?

Check the references section above for vendor advisories and patch information. Affected products include: Amcrest Amcrest Ipc-Hx1X3X-Lexus Eng N Amcrest.