CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/03 12:0 a.m.•35 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

0.00104EPSS

Positive Technologies•added 2026/06/03 12:0 a.m.•10 views

PT-2026-45994

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00104EPSS

NVD•added 2026/05/29 11:16 a.m.•12 views

CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10CVSS0.0018EPSS

Cvelist•added 2026/05/07 10:25 p.m.•28 views

CVE-2026-6411 MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3CVSS0.00159EPSS

Vulnrichment•added 2026/05/07 10:25 p.m.•7 views

CVE-2026-6411 MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

7.3CVSS5.8AI score0.00159EPSS

CVE•added 2026/05/07 10:25 p.m.•14 views

CVE-2026-6411

The CVE-2026-6411 issue affects MAXHUB Pivot client applications before v1.36.2. It stems from a hardcoded AES key, allowing decrypting encrypted tenant email addresses and related metadata, resulting in cleartext exposure. Additionally, an attacker could trigger a denial-of-service by enrolling ...

7.3CVSS5.8AI score0.00159EPSS

RedhatCVE•added 2026/03/27 2:25 p.m.•7 views

CVE-2021-27481

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

5.5CVSS6.9AI score0.00152EPSS

CNNVD•added 2026/03/20 12:0 a.m.•5 views

FileRise 安全漏洞

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise prior to 3.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a hardcoded default encryption key, which could allow unverified attackers to forge upload tokens...

8.2CVSS5.8AI score0.00225EPSS

Exploits1References2

RedhatCVE•added 2026/03/04 1:57 a.m.•4 views

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...

5.3CVSS5.9AI score0.00174EPSS

OSV•added 2026/03/03 8:16 p.m.•4 views

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...

5.3CVSS5.8AI score

NVD•added 2026/03/03 8:16 p.m.•5 views

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...

5.3CVSS0.00174EPSS

ATTACKERKB•added 2026/03/03 12:0 a.m.•3 views

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...

5.3CVSS5.9AI score0.00174EPSS

CVE•added 2026/03/03 12:0 a.m.•7 views

CVE-2024-55023

Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011 contains a hardcoded encryption key, enabling potential access to sensitive information (CVE-2024-55023). Affected component: easyweb (Weintek). Underlying cause: hardcoded key disclosed in description. Documented impact: confidentiality impact ...

5.3CVSS5.9AI score0.00174EPSS

Exploits0References2Affected Software2

CNNVD•added 2026/02/13 12:0 a.m.•3 views

Calero VeraSMART 信任管理问题漏洞

Calero VeraSMART is a telephone billing software developed by the American company Calero. Versions of Calero VeraSMART prior to 2026 R1 contained a trust management vulnerability. This vulnerability stemmed from the hardcoded static AES encryption key contained in the Veramark.Framework.dll, whi...

8.5CVSS5.8AI score0.00087EPSS

NVD•added 2025/12/26 5:16 a.m.•6 views

CVE-2025-52601

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. T...

7.8CVSS0.00091EPSS