Kaden Vodomery Kaden PICOFLUX AiR 信任管理问题漏洞

Kaden Vodomery Kaden PICOFLUX AiR is an electronic cold water meter from the Czech company Kaden Vodomery. Measurement data is transmitted via radio and readings are taken online. The Kaden Vodomery Kaden PICOFLUX AiR suffers from a trust management issue vulnerability that stems from the fact th...

CVE-2022-38117

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...

Zyxel CloudCNM SecuManager 安全漏洞

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...

CVE-2022-36672

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session...

PT-2022-23542 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 3.6.2 Description: A hard-coded JWT key was found in the project config file of Novel-Plus, allowing attackers to create a custom user session. Recommendations: For Novel-Plus version 3.6.2, consider removing the hard-coded...

novel-plus 信任管理问题漏洞

novel-plus 小说精品屋-plus is a multiterminal PC, WAP reading, full-featured original literature CMS system. A security vulnerability exists in novel-plus version v3.6.2, which stems from the inclusion of a hard-coded JWT key located in the project configuration file, which allows an attacker to creat...

PT-2022-4412 · Delta Industrial Automation · Dialink

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DIALink versions 1.4.0.0 and prior Description: The issue is related to the use of a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive data and compromise the machine. This could...

CVE-2022-1400

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...

CVE-2022-1400

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...

CVE-2022-35734

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

CVE-2022-35734

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

Device42 信任管理问题漏洞

Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A security vulnerability in Device42 CMDB version 18.01.00 and earlier, which stems from the use of a hard-coded encryption key vulnerability in WebReportsApi.d...

PT-2022-22954 · Hulu · Hulu App For Android

Name of the Vulnerable Software and Affected Versions: Hulu App for Android versions 3.0.47 through 3.1.1 Description: The issue concerns the use of a hard-coded API key for an external service in the Hulu App for Android. This could potentially allow the API key to be obtained by analyzing the...

PT-2022-4179 · Device42 · Device42 Cmdb

Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions prior to 18.01.00 Description: The issue is related to the use of a hard-coded cryptographic key in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance. This allows an attacker...

CVE-2022-32965

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

CVE-2021-22644 Ovarro TBox Use of Hard-coded Cryptographic Key

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

"Hulu" App for Android uses a hard-coded API key for an external service

Overview "Hulu" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service CWE-798. Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact T...

CVE-2022-34906

A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests...

CVE-2022-34906

A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests...

FileWave 信任管理问题漏洞

FileWave is an endpoint management suite from the Swiss company FileWave. FileWave suffers from a security vulnerability that originates from the fact that an unauthenticated attacker can decrypt sensitive information stored in FileWave using a hard-coded encryption key, or even send a crafted...