8143 matches found
Multiple vulnerabilities in SS1
Overview: SS1 provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength CWE-326 - CVE-2025-46409 Files or directories accessible to external parties CWE-552 - CVE-2025-52460 Incorrect permission assignment for critical resource CWE-732 -...
JVN#99577552: Multiple vulnerabilities in SS1
SS1 provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength (CWE-326) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5 CVE-2025-46409 Files or...
CVE-2025-41702
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...
CVE-2025-41702 egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...
CVE-2025-9380
A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is...
CVE-2025-9380
CVE-2025-9380 affects FNKvision Y215 CCTV Camera firmware 10.194.120.40. The issue is hard-coded credentials in the Firmware’s /etc/passwd, enabling a local attacker to achieve full system compromise (C, I, A high per CVSS 4.0/3.1). An exploit is publicly available or referenced as a PoC, and ven...
CVE-2025-9380 FNKvision Y215 CCTV Camera Firmware passwd hard-coded credentials
A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is...
FNKvision Y215 CCTV Camera security vulnerability
FNKvision Y215 CCTV Camera is a camera from FNKvision Thailand. A security vulnerability exists in FNKvision Y215 CCTV Camera version 10.194.120.40, which stems from hard-coded credentials and may require local access...
PT-2025-34553
Name of the Vulnerable Software and Affected Versions: FNKvision Y215 CCTV Camera version 10.194.120.40 Description: A vulnerability exists in the FNKvision Y215 CCTV Camera due to hard-coded credentials within the /etc/passwd file of the Firmware component. Local access is required for...
CVE-2025-9309
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...
CVE-2025-51606
hippo4j 1.0.0 to 1.5.0 uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
Reolink App security vulnerability
Reolink App is a mobile application from Reolink USA. A security vulnerability exists in Reolink App version v4.54.0.4.20250526, which stems from the use of hard-coded encryption keys and initialization vectors, which could lead to the decryption of access tokens and session tokens...
hippo4j Includes Hard Coded Secret Key in JWT Creation
hippo4j 1.0.0 to 1.5.0 uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
GHSA-48CG-9C55-J2Q7 hippo4j Includes Hard Coded Secret Key in JWT Creation
hippo4j 1.0.0 to 1.5.0 uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability poses a critical...
CVE-2025-9310
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...