187 matches found
CVE-2024-45837
Summary of CVE-2024-45837 : AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software are affected by a vulnerability described as a use of a hard-coded cryptographic key. This flaw enables a network-adjacent, unauthenticated attacker to log in to the SFTP service and obtain and/or manipulate un...
CVE-2024-45837
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files...
JVN#16114985: "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key
"Kura Sushi Official App Produced by EPARK" for Android provided by EPARK, Inc. uses a hard-coded cryptographic key CWE-321. Impact An attacker may obtain the login ID and password for the affected product. Solution Update the application Update the application to the latest version according to...
CVE-2024-38314
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...
JVN#41397971: Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software
AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0...
Use Of Hard-coded Cryptographic Key
Dragonfly is vulnerable to Use of Hard-coded Cryptographic Key. The vulnerability is due to the use of a hardcoded secret key for JWT verification, allowing attackers to bypass authentication and perform actions with admin privileges. The issue is addressed in version 2.0.9, and users are advised...
CVE-2024-42418
Avtec Outpost (CVE-2024-42418) uses a default cryptographic key that can decrypt sensitive data. Affected: Outpost 0810 and Outpost Uploader Utility prior to version 5.0.0. Root cause: hard-coded/default key. Impact: confidentiality risk; no integrity/availability impact noted. Mitigation: upgrad...
Exploit for Improper Restriction of Excessive Authentication Attempts in Logsign Unified_Secops_Platform
Logsign SIEM RCE Exploit CVE-2024-5716 & CVE-2024-5717 This...
CVE-2024-33849
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key...
(0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker ca...
CVE-2024-5296 D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-31410
CVE-2024-31410 affects CyberPower PowerPanel software where devices use identical certificates based on a hard-coded cryptographic key, enabling impersonation of any client and sending malicious data. Connected sources confirm vulnerable PowerPanel components and reference mitigations. The offici...
CVE-2023-32169
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-39465 Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to explo...
CVE-2024-30407
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...
CVE-2024-30407
The CVE-2024-30407 entry details a vulnerability in Juniper Networks JCNR and containerized routing Protocol Daemon (cRPD) caused by hard-coded cryptographic keys and SSH host keys in containers, enabling Man-in-the-Middle attacks and potentially complete container compromise. Affected versions: ...
CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...
CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...
CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...
CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...