The vulnerability of the serial interface converter NPort IAW5250A-6I/O lies in the use of a hard-coded cryptographic key, which allows a hacker to modify the device’s firmware.

The vulnerability of the NPort IAW5250A-6I/O serial interface converter is related to the use of a rigidly encoded cryptographic key. Exploiting this vulnerability could allow an attacker to modify the device’s firmware remotely...

CVE-2021-38461

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

CVE-2021-38461

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries...

PT-2021-22135 · Auvesy · Versiondog

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the information cannot be provided. Description: The issue concerns the use of a hard-coded blowfish key in encryption and decryption processes. This key can be easily extracted from binaries,...

CVE-2021-28912

BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access...

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

CVE-2021-34688

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

iDrive RemotePC 信任管理问题漏洞

iDrive RemotePC is remote control software from iDrive, Inc. A trust management issue vulnerability exists in iDrive RemotePC versions prior to 7.6.48 on Windows, where a locally authenticated attacker can read an encrypted version of the system's personal key in an owner-readable %PROGRAMDATA% l...

CVE-2021-20748

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

Multiple vulnerabilities in Retty App

Overview Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 The App uses a hard-coded API key for external services CWE-798 - CVE-2021-20748 Ryo Sato of...

CVE-2021-32520

Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document...

QSAN Storage Manager 信任管理问题漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A security vulnerability exists in QSAN Storage Manager that stems from the use of a hard-coded encryption key vulnerability that could be exploited by an attacker to gain access to user credentials and...

Logic flaw vulnerability in hera task scheduling system

hera task scheduler is a distributed task scheduler based on zeus rewrite. The hera Task Scheduler suffers from a logic flaw that can be exploited by an attacker to forge arbitrary login credentials via a built-in hard-coded key...

CVE-2021-27392

A vulnerability has been identified in Siveillance Video Open Network Bridge 2020 R3, Siveillance Video Open Network Bridge 2020 R2, Siveillance Video Open Network Bridge 2020 R1, Siveillance Video Open Network Bridge 2019 R3, Siveillance Video Open Network Bridge 2019 R2, Siveillance Video Open...

Hardcoded credentials

A vulnerability has been identified in Siveillance Video Open Network Bridge 2020 R3, Siveillance Video Open Network Bridge 2020 R2, Siveillance Video Open Network Bridge 2020 R1, Siveillance Video Open Network Bridge 2019 R3, Siveillance Video Open Network Bridge 2019 R2, Siveillance Video Open...

CVE-2021-27392

A vulnerability has been identified in Siveillance Video Open Network Bridge 2020 R3, Siveillance Video Open Network Bridge 2020 R2, Siveillance Video Open Network Bridge 2020 R1, Siveillance Video Open Network Bridge 2019 R3, Siveillance Video Open Network Bridge 2019 R2, Siveillance Video Open...

Xiaomi router AX1800 信任管理问题漏洞

Xiaomi router AX1800 is a router from China-based Xiaomi. A security vulnerability exists in Xiaomi router AX1800 rom version prior to 1.0.336 and RM1800 root version prior to 1.0.26, which stems from the encryption scheme of the user's backup file using a hard-coded key...

CVE-2021-26579

A security vulnerability in HPE Unified Data Management UDM could allow the local disclosure of privileged information CWE-321: Use of Hard-coded Cryptographic Key in a product. HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management UDM. Version 1.2103.0 of HPE...

HPE Unified Data Management 信任管理问题漏洞

HPE Unified Data Management is a software application from HPE America. It provides a management function. A security vulnerability exists in HPE Unified Data Management that originates from a hard-coded encryption key that allows local disclosure of privileged information...