CVE-2018-16158

CRITICAL

Eaton Power Xpert Meter 4000, 6000, and 8000 Firmware < 13.4.0.10 - Use of Hard-coded SSH Private Key

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-16158. PoCs published by BrianWGray, including Metasploit module auxiliary/scanner/ssh/eaton_xpert_backdoor.

AI-analyzed exploit summary: This Metasploit module exploits a hardcoded SSH private key in Eaton Xpert Meters to gain administrative access. It connects using a predefined key and establishes a session if successful.

Description

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.

Exploits (1)

metasploit · WORKING POC
by BrianWGray · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssh/eaton_xpert_backdoor.rb

Classification
Working PoC: 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Eaton Power Xpert Meter (firmware < 12.x.x.x or < 13.3.x.x)
No auth needed
Prerequisites: Network access to the target device on port 22
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.7001
EPSS Percentile: 98.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-798
Status: published
Products (3):
eaton/power_xpert_meter_4000_firmware < 13.4.0.10
eaton/power_xpert_meter_6000_firmware < 13.4.0.10
eaton/power_xpert_meter_8000_firmware < 13.4.0.10
Published: Aug 30, 2018
Tracked Since: Feb 18, 2026