CVE-2016-2357

9.8 CRITICAL

📋 TL;DR

Milesight IP security cameras contain a hardcoded SSL private key, allowing attackers to decrypt encrypted traffic and potentially impersonate legitimate devices. This affects all Milesight IP cameras manufactured before November 14, 2016.

💻 Affected Systems

Products:
  • Milesight IP security cameras
Versions: All versions through 2016-11-14
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All cameras shipping the hardcoded key in the /etc/config directory are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of camera systems, allowing attackers to intercept video feeds, inject malicious content, pivot to internal networks, and disable security monitoring.

🟠 Likely Case

Interception of video streams and camera credentials, enabling unauthorized surveillance and potential access to connected networks.

🟢 If Mitigated

Limited impact if cameras are isolated in separate VLANs with strict network segmentation and no internet exposure.

🌐 Internet-Facing: HIGH - Internet-exposed cameras can be directly attacked, allowing traffic decryption and device impersonation.
🏢 Internal Only: MEDIUM - Requires internal network access but still enables traffic interception and lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network access to camera but no authentication. The hardcoded key is publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Contact Milesight for firmware updates. Replace affected cameras with newer models manufactured after 2016-11-14.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate cameras in separate VLAN with strict firewall rules preventing internet access and limiting internal communication.

VPN Tunnel (applies to: all)

Route all camera traffic through encrypted VPN tunnels to prevent SSL interception.

🧯 If You Can't Patch

  • Physically replace affected cameras with newer models
  • Implement network monitoring for unusual SSL/TLS traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check camera firmware date (pre-2016-11-14) or attempt to extract SSL key from /etc/config directory via SSH if accessible.

Check Version:

Check the camera web interface or the serial number/manufacturing date.

Verify Fix Applied:

Verify camera firmware date is after 2016-11-14 or check that SSL certificates are unique per device.
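The "unique per device" check above can be automated across a camera inventory. The script below is an added example, not code from the advisory or from Milesight: it fingerprints the TLS leaf certificate each device presents and reports any fingerprint shared by two or more cameras, which is exactly the signature a factory-wide hardcoded key leaves behind. The host addresses and the PEM bodies are constructed stand-ins (not valid DER) so the demo runs offline; `fetch_cert_pem` shows how the same grouping would be fed from live devices.

```python
"""Flag IP cameras that present an identical TLS certificate.

Added example (not part of the advisory or of Milesight's firmware).
A hardcoded key ships with the same certificate on every unit, so two
cameras answering with the same certificate fingerprint is a strong
sign that the device-unique-certificate fix is not in place.
"""
import base64
import hashlib
import ssl
from collections import defaultdict


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour lines and base64-decode the body."""
    lines = [ln.strip() for ln in pem.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body)


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, matching `openssl x509 -fingerprint -sha256`."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()


def fetch_cert_pem(host: str, port: int = 443) -> str:
    """Retrieve the certificate a live device presents (network call; not used in the offline demo).

    No CA bundle is passed, so self-signed camera certificates are returned rather than rejected.
    """
    return ssl.get_server_certificate((host, port))


def group_by_fingerprint(certs: dict) -> dict:
    """Map each certificate fingerprint to the sorted list of hosts presenting it."""
    groups = defaultdict(list)
    for host, pem in certs.items():
        groups[cert_fingerprint(pem)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items()}


def shared_certificates(certs: dict) -> dict:
    """Fingerprints presented by more than one device: the hardcoded-key signature."""
    return {fp: hosts for fp, hosts in group_by_fingerprint(certs).items() if len(hosts) > 1}


def _fake_pem(body: bytes) -> str:
    """Constructed stand-in for a real certificate; the payload is NOT valid DER."""
    b64 = base64.b64encode(body).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"


# Constructed inventory: three cameras, two of which share one certificate.
# Addresses are placeholders, not real devices.
SAMPLE_CERTS = {
    "10.0.50.11": _fake_pem(b"constructed cert: shared factory certificate"),
    "10.0.50.12": _fake_pem(b"constructed cert: shared factory certificate"),
    "10.0.50.13": _fake_pem(b"constructed cert: device-unique certificate"),
}


if __name__ == "__main__":
    for fp, hosts in shared_certificates(SAMPLE_CERTS).items():
        print(f"shared certificate {fp[:16]}... presented by {', '.join(hosts)}")
```

Against a real fleet, build the `certs` dict with `{host: fetch_cert_pem(host) for host in inventory}` and run `shared_certificates` over it; an empty result means every camera presents a distinct certificate, while any non-empty group should be treated as still carrying the factory key until the firmware date confirms otherwise.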

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed SSL handshake attempts
  • Unusual certificate validation errors

Network Indicators:

  • SSL/TLS traffic decryption attempts
  • Man-in-the-middle attacks on camera ports

SIEM Query:

source_ip=* dest_ip=camera_ip port=443 protocol=SSL alert_type='Certificate Mismatch'
