CVE-2018-16546
Summary
| CVE | CVE-2018-16546 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-05 20:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. |
Risk And Classification
Problem Types: CWE-798
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Amcrest | Amcrest Ipc-hx1x3x-lexus Eng N Amcrest | v2.420.ac01.3.r.20180206 | All | All | All |
| Operating System | Amcrest | Amcrest Ipc-hx1x3x-lexus Eng N Amcrest | v2.420.ac01.3.r.20180206 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bugtraq: Amcrest Cameras SSL Key Reuse Across installations | MISC | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.