
1110 matches found

CVE
added 2025/09/05 5:43 p.m. · 22 views

CVE-2025-30200

ECOVACS robot vacuums and base stations are affected by CVE-2025-30200, where devices communicate over an insecure Wi‑Fi network and use a deterministic AES key that can be derived from the device serial number. The vulnerability is also described as allowing insecure firmware/over‑the‑air update...

6.3 CVSS · 6.4 AI score · 0.00127 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2025/09/05 5:43 p.m. · 8 views

CVE-2025-30200 ECOVACS Vacuum and Base Station Hard-Coded AES Encryption

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

6.3 CVSS · 0.00127 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/08/30 6:18 p.m. · 7 views

CVE-2025-41702

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...

9.8 CVSS · 7.1 AI score · 0.00491 EPSS
Exploits 0 · References 1
OSV
added 2025/08/29 2:15 a.m. · 3 views

CVE-2025-9604

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key. It is possible ...

6.3 CVSS · 5.4 AI score
Exploits 0 · References 6
CVE
added 2025/08/29 1:32 a.m. · 11 views

CVE-2025-9604

CVE-2025-9604 affects coze-studio up to 0.2.4. The vulnerability is in an unknown function within backend/domain/plugin/encrypt/aes.go where manipulation of AuthSecretKey, StateSecretKey, or OAuthTokenSecretKey can lead to use of a hard-coded cryptographic key. Attackers could initiate remotely; ...

6.3 CVSS · 4.6 AI score · 0.00223 EPSS
Exploits 0 · References 6
Cvelist
added 2025/08/29 1:32 a.m. · 9 views

CVE-2025-9604 coze-studio aes.go hard-coded key

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key. It is possible ...

6.3 CVSS · 0.00223 EPSS
Exploits 0 · References 6
Vulnrichment
added 2025/08/29 1:32 a.m. · 2 views

CVE-2025-9604 coze-studio aes.go hard-coded key

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key. It is possible ...

6.3 CVSS · 6.5 AI score · 0.00223 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/08/29 12:00 a.m. · 4 views

PT-2025-35169

Name of the Vulnerable Software and Affected Versions: coze-studio versions up to 0.2.4
Description: A vulnerability exists due to the use of hard-coded cryptographic keys. The issue is located in an unknown function within the backend/domain/plugin/encrypt/aes.go file. Manipulation of the...

6.3 CVSS · 4.2 AI score · 0.00223 EPSS
Exploits 0 · References 10
RedhatCVE
added 2025/08/15 12:30 p.m. · 6 views

CVE-2025-55279

This vulnerability exists in ZKTeco WL20 due to a hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the private key stored in the firmware of the...

6.9 CVSS · 6.6 AI score · 0.00162 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/14 8:29 a.m. · 2 views

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

5.6 CVSS · 7.1 AI score · 0.00169 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/13 11:23 a.m. · 7 views

CVE-2025-55279 Hard-coded Private Key Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to a hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the private key stored in the firmware of the...

6.9 CVSS · 0.00162 EPSS
Exploits 0 · References 1
CNNVD
added 2025/08/13 12:00 a.m. · 4 views

ZKTeco WL20 Trust Management Issue Vulnerability

The ZKTeco WL20 is an intelligent fingerprint time and attendance machine from China's Entropy Base Technology ZKTeco. The ZKTeco WL20 suffers from a trust management issue vulnerability that stems from a hard-coded private key stored in the device firmware, which could allow a physical access...

6.9 CVSS · 6.2 AI score · 0.00162 EPSS
Exploits 0 · References 1
OSV
added 2025/08/12 8:15 a.m. · 4 views

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

6.4 CVSS · 5.8 AI score · 0.00169 EPSS
Exploits 0 · References 2
NVD
added 2025/08/12 8:15 a.m. · 3 views

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

6.4 CVSS · 0.00169 EPSS
Exploits 0 · References 2
Cvelist
added 2025/08/12 8:10 a.m. · 4 views

CVE-2025-26398 SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

5.6 CVSS · 0.00169 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/08/12 8:10 a.m. · 2 views

CVE-2025-26398 SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

5.6 CVSS · 7 AI score · 0.00169 EPSS
Exploits 0 · References 2
CVE
added 2025/08/12 8:10 a.m. · 17 views

CVE-2025-26398

CVE-2025-26398 is documented as a vulnerability in SolarWinds Database Performance Analyzer where a hard-coded cryptographic key exists. According to the sources, exploitation could enable a local attacker with administrator privileges (and with access to the host where the additional software is...

6.4 CVSS · 7 AI score · 0.00169 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/08/12 12:00 a.m. · 3 views

PT-2025-32636 · Solarwinds · Solarwinds Database Performance Analyzer

Name of the Vulnerable Software and Affected Versions: SolarWinds Database Performance Analyzer (affected versions not specified)
Description: SolarWinds Database Performance Analyzer contains a hard-coded cryptographic key. Exploitation of this issue could lead to a machine-in-the-middle (MITM) atta...

5.6 CVSS · 6.8 AI score · 0.00169 EPSS
Exploits 0 · References 7
RedhatCVE
added 2025/08/11 5:32 p.m. · 14 views

CVE-2025-8759

A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic key. The attack can...

6.3 CVSS · 7.1 AI score · 0.0044 EPSS
Exploits 0 · References 1
OSV
added 2025/08/09 5:15 p.m. · 2 views

CVE-2025-8759

A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic key. The attack can...

5.9 CVSS · 4.3 AI score
Exploits 0 · References 4