CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

CVE-2026-36606

CVE-2026-36606 affects Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The vulnerability stems from encrypting configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who gains a backup file can decrypt it to recover all stored credentials, inc...

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

CVE-2026-44061

A flaw was found in Netatalk. This vulnerability involves the DES-ECB Data Encryption Standard - Electronic Codebook authentication mechanism, which is susceptible to a timing side channel attack. A remote attacker could potentially exploit this timing difference during authentication to gain...

CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

CVE-2026-44061

CVE-2026-44061 affects Netatalk 1.5.0 through 4.4.2, where DES-ECB authentication exposes a timing side channel. Root cause is the use of DES-ECB for authentication, enabling a remote attacker to glean credentials via timing analysis; the issue is mitigated by upgrading to Netatalk 4.5.0 or later...

CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

PT-2026-42417

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description The software uses DES-ECB Data Encryption Standard in Electronic Codebook mode for authentication, which is susceptible to a timing side channel. This allows a remote attacker to recover...

EUVD-2026-25856

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

CVE-2026-5039

CVE-2026-5039 affects TP-Link TL-WR841N v13. The issue stems from using DES-CBC encryption in the TDDPv2 debug protocol, with a cryptographic key derived from the device’s default web management credentials. This makes the key predictable when the device remains in its default configuration. A ne...

Libgcrypt 1.12.0

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

CVE-2025-58743

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials.This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

PT-2026-3668

Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9.0 through 7.6.3.25808 Description The software contains a flaw due to the use of a broken cryptographic algorithm DES. This impacts the Password class within the C2SConnections.dll component on Windo...

MiracleLinux 8 : libssh-0.9.4-2.el8 (AXSA:2021-1281:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1281:01 advisory. libssh: denial of service when handling AES-CTR or DES ciphers CVE-2020-1730 libssh: unsanitized location in scp could lead to unwanted command...

CVE-2025-9239

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STRPARAM with the input Passw0rd...

CVE-2025-9239 elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STRPARAM with the input Passw0rd...

PT-2025-34143 · Elunez · Elunez Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A vulnerability exists in the EncryptUtils function within the DES Key Handler component of elunez eladmin. Manipulation of the STR PARAM argument with the input Passw0rd results in inadequate...

Endress+Hauser MEAC300-FNADE4 安全漏洞

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the use of DES encryption to store passwords, which can be exploited by an attacker to cause...