CVE-2018-16546
First published: Wed Sep 05 2018(Updated: )
Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Amcrest Amcrest Ipc-hx1x3x-lexus Eng N Amcrest | =v2.420.ac01.3.r.20180206 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-16546?
CVE-2018-16546 is a vulnerability that affects Amcrest networked devices.
What is the severity of CVE-2018-16546?
The severity of CVE-2018-16546 is medium with a severity value of 5.9.
How does CVE-2018-16546 affect Amcrest devices?
CVE-2018-16546 allows remote attackers to defeat cryptographic protection mechanisms on Amcrest devices by using a hardcoded SSL private key.
Is there a fix for CVE-2018-16546?
According to the provided reference, a fix for CVE-2018-16546 may be available. Please refer to the reference link for more information.
What is CWE-798?
CWE-798 refers to an Insufficient Verification of Data Authenticity vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/amcrest
- canonical/amcrest amcrest ipc-hx1x3x-lexus eng n amcrest
- version/amcrest amcrest ipc-hx1x3x-lexus eng n amcrest/v2.420.ac01.3.r.20180206