cvedb.io
CVE-2018-16546
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2018-09-05T20:29:00.643 · Last modified 2026-06-17T01:44:27.817

Summary

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206.

Affected products

amcrest — amcrest_ipc-hx1x3x-lexus_eng_n_amcrest

Does this affect you?

Add your gear to cvedb and we'll alert you only when amcrest ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.