Lucene search
+L

187 matches found

CVE
CVE
added 2024/11/22 12:13 a.m.65 views

CVE-2024-45837

Summary of CVE-2024-45837 : AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software are affected by a vulnerability described as a use of a hard-coded cryptographic key. This flaw enables a network-adjacent, unauthenticated attacker to log in to the SFTP service and obtain and/or manipulate un...

5.4CVSS7AI score0.00325EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/22 12:13 a.m.25 views

CVE-2024-45837

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files...

5.4CVSS0.00325EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/11/20 12:0 a.m.11 views

JVN#16114985: "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

"Kura Sushi Official App Produced by EPARK" for Android provided by EPARK, Inc. uses a hard-coded cryptographic key CWE-321. Impact An attacker may obtain the login ID and password for the affected product. Solution Update the application Update the application to the latest version according to...

4CVSS7AI score0.00152EPSS
Exploits0
NVD
NVD
added 2024/10/24 6:15 p.m.9 views

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...

5.9CVSS0.00306EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 12:0 a.m.29 views

JVN#41397971: Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0...

8CVSS8.2AI score0.01077EPSS
Exploits0
Veracode
Veracode
added 2024/09/23 5:6 p.m.13 views

Use Of Hard-coded Cryptographic Key

Dragonfly is vulnerable to Use of Hard-coded Cryptographic Key. The vulnerability is due to the use of a hardcoded secret key for JWT verification, allowing attackers to bypass authentication and perform actions with admin privileges. The issue is addressed in version 2.0.9, and users are advised...

9.8CVSS6.9AI score0.33618EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/08/22 7:52 p.m.70 views

CVE-2024-42418

Avtec Outpost (CVE-2024-42418) uses a default cryptographic key that can decrypt sensitive data. Affected: Outpost 0810 and Outpost Uploader Utility prior to version 5.0.0. Root cause: hard-coded/default key. Impact: confidentiality risk; no integrity/availability impact noted. Mitigation: upgrad...

8.7CVSS7.5AI score0.0037EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2024/08/06 7:49 a.m.476 views

Exploit for Improper Restriction of Excessive Authentication Attempts in Logsign Unified_Secops_Platform

Logsign SIEM RCE Exploit CVE-2024-5716 & CVE-2024-5717 This...

9.8CVSS9.6AI score0.02973EPSS
Exploits1
NVD
NVD
added 2024/05/28 4:15 p.m.16 views

CVE-2024-33849

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...

6.5CVSS6.6AI score0.0037EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2024/05/24 12:0 a.m.15 views

(0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker ca...

9.8CVSS7.2AI score0.01124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/23 9:29 p.m.15 views

CVE-2024-5296 D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS7AI score0.01124EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 7:56 p.m.56 views

CVE-2024-31410

CVE-2024-31410 affects CyberPower PowerPanel software where devices use identical certificates based on a hard-coded cryptographic key, enabling impersonation of any client and sending malicious data. Connected sources confirm vulnerable PowerPanel components and reference mitigations. The offici...

7.7CVSS6.8AI score0.002EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/03 2:15 a.m.6 views

CVE-2023-32169

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS5.9AI score0.56064EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/03 1:59 a.m.16 views

CVE-2023-39465 Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to explo...

7.5CVSS6.2AI score0.00707EPSS
Exploits0References2
NVD
NVD
added 2024/04/12 3:15 p.m.15 views

CVE-2024-30407

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...

9.2CVSS8.1AI score0.00676EPSS
Exploits0References3
CVE
CVE
added 2024/04/12 3:3 p.m.80 views

CVE-2024-30407

The CVE-2024-30407 entry details a vulnerability in Juniper Networks JCNR and containerized routing Protocol Daemon (cRPD) caused by hard-coded cryptographic keys and SSH host keys in containers, enabling Man-in-the-Middle attacks and potentially complete container compromise. Affected versions: ...

9.2CVSS6.8AI score0.00676EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/12 3:3 p.m.23 views

CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...

9.2CVSS8.2AI score0.00676EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/12 3:3 p.m.15 views

CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...

9.2CVSS6.9AI score0.00676EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 2:51 a.m.13 views

CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...

9.8CVSS8.2AI score0.00574EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/13 2:51 a.m.22 views

CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...

9.8CVSS10AI score0.00574EPSS
Exploits0References1
Rows per page
Query Builder