CVE-2018-16546

MEDIUM

Amcrest IPC-HX1X3X-LEXUS - Hardcoded SSL Private Key

Title source: llm
STIX 2.1

Description

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.

References (1)

Core 1
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/bugtraq/2018/Sep/6

Scores

CVSS v3 5.9
EPSS 0.0100
EPSS Percentile 58.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-798
Status published
Products (1)
amcrest/amcrest_ipc-hx1x3x-lexus_eng_n_amcrest v2.420.ac01.3.r.20180206
Published Sep 05, 2018
Tracked Since Feb 18, 2026