TRCore DVC Trust Management Issue Vulnerability

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...

PT-2024-31802 · Aiphone · Aiphone Ixg System

Name of the Vulnerable Software and Affected Versions: AIPHONE IX SYSTEM affected versions not specified AIPHONE IXG SYSTEM affected versions not specified System Support Software affected versions not specified Description: A use of hard-coded cryptographic key issue exists, allowing a...

Tenda W9 Hardcoded Password Vulnerability

Tenda W9 is a wireless in-wall access point from Tenda, China. A hard-coded password vulnerability exists in the Tenda W9, which stems from a hard-coded password issue that can be exploited by an attacker to log in as root...

"Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

Overview "Kura Sushi Official App Produced by EPARK" for Android provided by EPARK, Inc. uses a hard-coded cryptographic key CWE-321. Nishimura Reiji of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

PT-2024-35399 · Epark · Kura Sushi Official App

Name of the Vulnerable Software and Affected Versions: Kura Sushi Official App Produced by EPARK versions prior to 3.8.5 Description: A use of hard-coded cryptographic key issue exists in the Kura Sushi Official App Produced by EPARK. If this issue is exploited, a local attacker may obtain the...

JVN#16114985: "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

"Kura Sushi Official App Produced by EPARK" for Android provided by EPARK, Inc. uses a hard-coded cryptographic key CWE-321. Impact An attacker may obtain the login ID and password for the affected product. Solution Update the application Update the application to the latest version according to...

EPARK Kura Sushi Official App 安全漏洞

EPARK Kura Sushi Official App is a sushi purchasing and reservation storefront application from EPARK, Inc. A security vulnerability exists in the EPARK Kura Sushi Official App version prior to 3.8.5, which stems from an issue with the use of hard-coded encryption keys, where a local attacker may...

Tenda W30E 安全漏洞

The Tenda W30E is a router from the Chinese company Tenda. The Tenda W30E suffers from a hard-coded password vulnerability that stems from the presence of a hard-coded password issue that can be exploited by an attacker to log in as root...

Tenda W9 安全漏洞

Tenda W9 is a wireless in-wall access point from Tenda, China. A hard-coded password vulnerability exists in the Tenda W9, which stems from a hard-coded password issue that can be exploited by an attacker to log in as root...

TRCore DVC 安全漏洞

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...

PT-2025-7434 · Ibm · Ibm Cognos Controller +1

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 IBM Controller version 11.1.0 Description: The issue concerns hard-coded database passwords in the source code of the client application, which could be used for unauthorized access to...

CVE-2024-48971

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

CVE-2024-48971

The CVE-2024-48971 issue affects Baxter Life2000 Ventilation System where the Clinician Password and Serial Number Clinician Password are hard-coded in plaintext on the device, enabling an attacker to obtain credentials and gain unauthorized access with clinician privileges. Root cause cited incl...

CVE-2024-48971 Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

PT-2024-33306 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator a...

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

Siemens SINEC INS Using Hardcoded Encryption Keys Vulnerability

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...

Cybele Software Thinfinity Workspace 安全漏洞

Cybele Software Thinfinity Workspace is an integrated solution for virtualizing applications, desktops, data and accessing any host from a unified portal from Cybele Software, USA. A security vulnerability exists in Cybele Software Thinfinity Workspace versions prior to v7.0.2.113 that stems from...

CVE-2024-46889

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...