
1110 matches found

CNNVD
added 2025/09/22 12:0 a.m., 2 views

AiKaan Cloud Controller Security Vulnerability

AiKaan Cloud Controller is a monitoring platform for Internet edge devices from AiKaan India. AiKaan Cloud Controller has a security vulnerability that stems from remote endpoint access using a hard-coded SSH private key and username proxyuser, which could allow an attacker to impersonate a manag...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00402
Exploits: 0, References: 2
CNNVD
added 2025/09/22 12:0 a.m., 2 views

AiKaan IoT management platform Security Vulnerability

Aikaan IoT management platform is a management platform from Aikaan India. AiKaan IoT management platform suffers from a security vulnerability that stems from insufficiently hardened proxyuser accounts and the use of a shared hard-coded SSH private key, which could lead to remote code execution,...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00483
Exploits: 0, References: 2
Cvelist
added 2025/09/18 8:44 p.m., 13 views

CVE-2025-54807 Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system...

CVSS: 9.8, EPSS: 0.0068
Exploits: 0, References: 3
CVE
added 2025/09/18 8:44 p.m., 17 views

CVE-2025-54807

CVE-2025-54807 affects Dover Fueling Solutions ProGauge MagLink LX4 devices and related MAGLINK LX Console family. The root cause is a hard-coded cryptographic key used to validate authentication tokens embedded in affected device firmware. This allows an attacker who obtains the signing key to b...

CVSS: 9.8, AI score: 6.8, EPSS: 0.0068
Exploits: 0, References: 3
CNNVD
added 2025/09/16 12:0 a.m., 1 views

BMC Control-M Security Vulnerability

BMC Control-M is an application from BMC, Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...

CVSS: 7.6, AI score: 6.7, EPSS: 0.00202
Exploits: 0, References: 3
RedhatCVE
added 2025/09/13 12:23 p.m., 10 views

CVE-2025-10250

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5, AI score: 6, EPSS: 0.00226
Exploits: 0, References: 1
Veracode
added 2025/09/12 6:20 a.m., 5 views

Hard-coded Cryptographic Key

cn.hippo4j, hippo4j-core is vulnerable to use of hard-coded cryptographic key. The vulnerability is due to a hard-coded secret key in JWT creation, which allows an attacker to forge valid access tokens and impersonate any user, including privileged ones like "admin"...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00325
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2025/09/11 12:15 p.m., 4 views

CVE-2025-10250

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5, EPSS: 0.00226
Exploits: 0, References: 4
CVE
added 2025/09/11 11:32 a.m., 16 views

CVE-2025-10250

CVE-2025-10250 affects DJI Mavic Spark/Mavic Air/Mavic Mini (firmware 01.00.0500) due to a hard-coded cryptographic key in the Telemetry Channel. A local-network attacker can exploit this, with the vulnerability described as high attack complexity and publicly released exploit; affected products ...

CVSS: 5, AI score: 5.7, EPSS: 0.00226
Exploits: 0, References: 4
Cvelist
added 2025/09/11 11:32 a.m., 12 views

CVE-2025-10250 DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5, EPSS: 0.00226
Exploits: 0, References: 4
Vulnrichment
added 2025/09/11 11:32 a.m., 3 views

CVE-2025-10250 DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5, AI score: 5.7, EPSS: 0.00226
Exploits: 0, References: 4
Positive Technologies
added 2025/09/11 12:0 a.m., 3 views

PT-2025-37174

Name of the Vulnerable Software and Affected Versions: DJI Mavic Spark version 01.00.0500; DJI Mavic Air version 01.00.0500; DJI Mavic Mini version 01.00.0500. Description: A weakness exists in the Telemetry Channel component due to the use of a hard-coded cryptographic key. An attacker present on t...

CVSS: 5, AI score: 4.8, EPSS: 0.00226
Exploits: 0, References: 6
RedhatCVE
added 2025/09/10 3:25 a.m., 11 views

CVE-2025-10080

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key. The...

CVSS: 3.1, AI score: 4.1, EPSS: 0.00235
Exploits: 0, References: 1
NVD
added 2025/09/08 4:15 a.m., 13 views

CVE-2025-10080

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key. The...

CVSS: 3.1, EPSS: 0.00235
Exploits: 0, References: 4
Cvelist
added 2025/09/08 3:2 a.m., 20 views

CVE-2025-10080 running-elephant Datart API AESUtil.java getTokensecret hard-coded key

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key. The...

CVSS: 3.1, EPSS: 0.00235
Exploits: 0, References: 4
Vulnrichment
added 2025/09/08 3:2 a.m., 5 views

CVE-2025-10080 running-elephant Datart API AESUtil.java getTokensecret hard-coded key

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key. The...

CVSS: 3.1, AI score: 6.5, EPSS: 0.00235
Exploits: 0, References: 4
CVE
added 2025/09/08 3:2 a.m., 22 views

CVE-2025-10080

The CVE affects the API component of running-elephant Datart up to version 1.0.0-rc3, specifically the getTokensecret function in datart/security/src/main/java/datart/security/util/AESUtil.java, which uses a hard-coded cryptographic key. The issue is remotely exploitable with high complexity; exp...

CVSS: 3.1, AI score: 4.1, EPSS: 0.00235
Exploits: 0, References: 4
Positive Technologies
added 2025/09/08 12:0 a.m., 6 views

PT-2025-36428

Name of the Vulnerable Software and Affected Versions: Datart versions up to 1.0.0-rc3. Description: A vulnerability exists in Datart due to the use of a hard-coded cryptographic key within the getTokensecret function located in the datart/security/src/main/java/datart/security/util/AESUtil.java...

CVSS: 3.1, AI score: 3.9, EPSS: 0.00235
Exploits: 0, References: 8
Cvelist
added 2025/09/05 5:45 p.m., 8 views

CVE-2025-30198 ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived...

CVSS: 6.3, EPSS: 0.00202
Exploits: 0, References: 3
CVE
added 2025/09/05 5:45 p.m., 33 views

CVE-2025-30198

CVE-2025-30198 affects ECOVACS robot vacuums and base stations. Root causes: insecure Wi‑Fi using a deterministic WPA2-PSK that can be derived from device serial numbers; base stations do not validate firmware updates, enabling potential malicious OTA updates; AES encryption key similarly derivab...

CVSS: 6.3, AI score: 6.4, EPSS: 0.00202
Exploits: 0, References: 3, Affected Software: 1