Medium severity6.5NVD Advisory· Published Nov 16, 2017· Updated May 13, 2026

CVE-2017-16867

Description

Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.

Affected products

Amazon (company)/Amazon Key Firmware
cpe:2.3:o:amazon:amazon_key_firmware:*:*:*:*:*:*:*:*
Range: <=2017-11-16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101899nvdThird Party AdvisoryVDB Entry
www.engadget.com/2017/11/16/amazon-key-hack-cloud-cam/nvdIssue TrackingThird Party Advisory
www.theverge.com/2017/11/16/16665064/amazon-key-camera-disablenvdIssue TrackingThird Party Advisory
www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/nvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000