CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

2024-01-1214:24:20

CWE-798

CERT-PL

www.cve.org

cve-2023-49256; download configuration; decrypt passwords; static key

0.001 Low

EPSS

Percentile

37.3%

JSON

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "H8951-4G-ESP",
    "vendor": "Hongdian",
    "versions": [
      {
        "lessThan": "2310271149",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/01/CVE-2023-49253/

cert.pl/posts/2024/01/CVE-2023-49253/

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVELIST:CVE-2023-49256