ID

VAR-201809-0603


CVE

CVE-2018-16546


TITLE

Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010882

DESCRIPTION

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST_V2.420.AC01.3.R.20180206. Amcrest_IPC-HX1X3X-LEXUS_Eng_N_AMCREST contains a cryptographic vulnerability. Information may be obtained. Amcrest is a network camera product from Amcrest Corporation of the United States. An attacker could exploit the vulnerability to bypass the encryption protection mechanism by learning the key used by other installations.

Trust: 2.16

sources: NVD: CVE-2018-16546 // JVNDB: JVNDB-2018-010882 // CNVD: CNVD-2019-24193

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-24193

AFFECTED PRODUCTS

vendor: amcrest, model: ipc-hx1x3x-lexus eng n amcrest, scope: eq, version: v2.420.ac01.3.r.20180206

Trust: 1.6

vendor: amcrest, model: ipc-hx1x3x-lexus eng n amcrest, scope: eq, version: 2.420.ac01.3.r.20180206

Trust: 0.8

vendor: amcrest, model: amcrest, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-24193 // JVNDB: JVNDB-2018-010882 // CNNVD: CNNVD-201809-210 // NVD: CVE-2018-16546

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-16546
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16546
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-24193
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-210
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-16546
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-24193
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2018-16546
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-24193 // JVNDB: JVNDB-2018-010882 // CNNVD: CNNVD-201809-210 // NVD: CVE-2018-16546

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.0

problemtype: CWE-310

Trust: 0.8

sources: JVNDB: JVNDB-2018-010882 // NVD: CVE-2018-16546

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-210

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-210

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010882

PATCH

title: Top Page, url: https://amcrest.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-010882

EXTERNAL IDS

db: NVD, id: CVE-2018-16546

Trust: 3.0

db: JVNDB, id: JVNDB-2018-010882

Trust: 0.8

db: CNVD, id: CNVD-2019-24193

Trust: 0.6

db: CNNVD, id: CNNVD-201809-210

Trust: 0.6

sources: CNVD: CNVD-2019-24193 // JVNDB: JVNDB-2018-010882 // CNNVD: CNNVD-201809-210 // NVD: CVE-2018-16546

REFERENCES

url: https://seclists.org/bugtraq/2018/sep/6

Trust: 3.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16546

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-16546

Trust: 0.8

sources: CNVD: CNVD-2019-24193 // JVNDB: JVNDB-2018-010882 // CNNVD: CNNVD-201809-210 // NVD: CVE-2018-16546

SOURCES

db: CNVD, id: CNVD-2019-24193
db: JVNDB, id: JVNDB-2018-010882
db: CNNVD, id: CNNVD-201809-210
db: NVD, id: CVE-2018-16546

LAST UPDATE DATE

2024-11-23T22:51:59.935000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-24193, date: 2019-07-24T00:00:00
db: JVNDB, id: JVNDB-2018-010882, date: 2018-12-27T00:00:00
db: CNNVD, id: CNNVD-201809-210, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-16546, date: 2024-11-21T03:52:56.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-24193, date: 2019-09-22T00:00:00
db: JVNDB, id: JVNDB-2018-010882, date: 2018-12-27T00:00:00
db: CNNVD, id: CNNVD-201809-210, date: 2018-09-06T00:00:00
db: NVD, id: CVE-2018-16546, date: 2018-09-05T20:29:00.643