65 matches found
CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
Acer Wave 7 router 安全漏洞
The Acer Wave 7 router is a three-band wireless router from Acer, a company based in Taiwan, China. The Acer Wave 7 router has a security vulnerability. This vulnerability allows attackers to decrypt, modify, and re-encrypt system backups, enabling persistent backdoors attacks...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the ExtractTarGz process. An attacker can write arbitrary files to locations outside the intended extraction directory by submitting a crafted .tar.gz archive containing directory traversal sequences. This is only...
CVE-2026-25107
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...
CVE-2026-25107
The CVE-2026-25107 entry concerns ELECOM wireless LAN access point devices that use a hard-coded cryptographic key when creating configuration backups. A knowledgeable attacker could tamper a product’s backup configuration file, and a victim administrator could be tricked into loading a crafted c...
Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights
Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
EUVD-2025-208278
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59785 API - Insufficient Input Validation
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2022-0444
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key...
CVE-2025-67745 Myhoard logs backup encryption key in plain text
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...
CVE-2025-67745 Myhoard logs backup encryption key in plain text
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...
EUVD-2014-7866
Malware in sbrugna...
EUVD-2012-4509
Malware in sbrugna...
EUVD-2014-4737
Malware in sbrugna...
EUVD-2022-15583
Malicious code in bioql PyPI...
EUVD-2022-39321
Malicious code in bioql PyPI...