CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

CVE-2026-49201

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

CVE-2026-49201

The CVE-2026-49201 entry concerns Acer Wave 7 routers (upload.cgi handling device backups) with a hardcoded AES encryption key. The underlying issue is a fixed cryptographic key embedded in the backup processing binary, enabling an attacker to decrypt, modify, and re-encrypt backups, which can fa...

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui

HTB-Snapped--Writeup HTB Snapped — Hard Linux machine writeup...

Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui

HTB-Snapped-Writeup HTB Snapped — Hard Linux machine writeup...

PT-2026-29550

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

📄 Nginx UI 2.3.3 Backup Decryption Mass Scanner

This Python tool is a multi‑threaded scanner and exploitation utility designed to identify and validate the vulnerability CVE-2026-27944 affecting Nginx UI versions 2.3.2 and below. The script supports scanning single hosts, CIDR ranges, or target lists, and checks multiple common web service...

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...

The vulnerability of the command-line interface of FortiOS operating systems and the FortiProx proxy server, which allows a hacker to decrypt the backup file.

The vulnerability of the command-line interface of FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks is related to insufficient calculation of password hashes. Exploiting this vulnerability can allow attackers to decrypt the backup file...

Fortinet FortiOS and Fortinet FortiProxy Cross-Site Scripting Vulnerabilities

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...