41 matches found

Positive Technologies
added yesterday · 6 views

PT-2026-46230

This vulnerability exists in GX Earth 2022 ONT models due to the presence of a hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

CVSS 8.7 · AI score 5.8
Exploits: 0 · References: 2
NVD
added 2026/01/29 7:16 p.m. · 4 views

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVSS 8.8 · EPSS 0.00008
Exploits: 0 · References: 2
EUVD
added 2026/01/29 6:5 p.m. · 2 views

EUVD-2025-206515

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVSS 7.7 · AI score 5.9 · EPSS 0.00008
Exploits: 0 · References: 2
Positive Technologies
added 2026/01/29 12:0 a.m. · 4 views

PT-2026-5319

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVSS 7.7 · AI score 5.9 · EPSS 0.00008
Exploits: 0 · References: 3
CNNVD
added 2025/12/29 12:0 a.m. · 2 views

TP-Link TL-WR820N Security Vulnerability

TP-Link TL-WR820N is a wireless router from China P&L TP-Link. A security vulnerability exists in TP-Link TL-WR820N v2.80, which originates from the use of weak encryption algorithms by the SSH server, which could lead to a neighboring attacker intercepting and decrypting SSH traffic and leaking...

CVSS 6.5 · AI score 5.8 · EPSS 0.0001
Exploits: 1 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2001-0360

Malware in sbrugna...

CVSS 4 · AI score 8 · EPSS 0.01308
Exploits: 0 · References: 14
OSV
added 2025/09/09 1:15 p.m. · 1 views

CVE-2025-7970

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise...

CVSS 7.5 · AI score 5.8 · EPSS 0.00089
Exploits: 0 · References: 1
OSV
added 2025/08/28 5:15 p.m. · 0 views

CVE-2025-31977

HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1
CNNVD
added 2023/05/24 12:0 a.m. · 2 views

Briar Cryptographic Issue Vulnerability

Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.5.3,...

CVSS 5.9 · AI score 6 · EPSS 0.00151
Exploits: 1 · References: 3
CNNVD
added 2023/05/11 12:0 a.m. · 1 views

Rockwell Automation ThinManager Cryptographic Issue Vulnerability

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. Rockwell Automation ThinManager has an encryption issue vulnerability that stems from allowing the use of...

CVSS 7.5 · AI score 7.3 · EPSS 0.00291
Exploits: 0 · References: 3
IBM Security Bulletins
added 2023/02/18 1:45 a.m. · 39 views

Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2016-2107)

Summary: There is a vulnerability in open source OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote user with the ability to conduct a man-in-the-middle attack to decrypt traffic. Vulnerability Details: CVEID:...

CVSS 5.9 · AI score 6.1 · EPSS 0.79963
Exploits: 6 · Affected Software: 1
OSV
added 2022/01/19 9:15 p.m. · 0 views

CVE-2021-23842

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...

CVSS 7.1 · AI score 7.1
Exploits: 0 · References: 1
Github Security Blog
added 2021/08/23 7:41 p.m. · 24 views

Argo Server TLS requests could be forged by attacker with network access

Impact We are not aware of any exploits. This is a pro-active fix. Impacted: You are running Argo Server = v3.0 with --secure unspecified note - running in secure mode is recommended regardless. The attacker is within your network. If you expose Argo Server to the Internet then "your network" is...

AI score 0.8
Exploits: 0 · References: 2 · Affected Software: 1
GitLab Advisory Database
added 2021/08/23 12:0 a.m. · 9 views

Argo Server TLS requests could be forged by attacker with network access

Impact We are not aware of any exploits. This is a pro-active fix. Impacted: You are running Argo Server = v3.0 with --secure unspecified note - running in secure mode is recommended regardless. The attacker is within your network. If you expose Argo Server to the Internet then "your network" is...

AI score 0.8
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2021/02/03 12:0 a.m. · 3 views

JetBrains Code With Me Security Vulnerability

JetBrains Code With Me is a plug-in application from the Czech company JetBrains that provides code co-editing for the IntelliJ IDE. JetBrains Code With Me suffers from a cryptographic issue vulnerability that can be exploited by an attacker on the local network to access encrypted traffic knowin...

CVSS 2.5 · AI score 5.9 · EPSS 0.00001
Exploits: 1 · References: 3
CNVD
added 2021/01/13 12:0 a.m. · 1 views

Scalance X Products hard-coded encryption key vulnerability (CNVD-2021-02592)

SCALANCE X is a switch for connecting industrial components such as programmable logic controllers plc or human machine interfaces HMIs. The Scalance X Products hard-coded encryption key vulnerability can be exploited by an attacker to handle man-in-the-middle scenarios and decrypt previously...

CVSS 5.9 · AI score 9.1 · EPSS 0.0016
Exploits: 0 · References: 1
NVD
added 2021/01/12 9:15 p.m. · 16 views

CVE-2020-28395

A vulnerability has been identified in SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.0. Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a...

CVSS 5.9 · AI score 5.4 · EPSS 0.0016
Exploits: 0 · References: 2
Positive Technologies
added 2021/01/12 12:0 a.m. · 1 views

PT-2021-2203 · Siemens · Scalance X-200 +2

Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 versions prior to V3.2.7; SCALANCE X-200IRT versions prior to V3.2.7; SCALANCE X-300 versions prior to V4.1.0. Description: The issue is related to the reset function of industrial switches, which does not generate a new...

CVSS 5.9 · AI score 5.6 · EPSS 0.0016
Exploits: 0 · References: 5
OSV
added 2020/05/05 8:15 p.m. · 2 views

CVE-2020-12142

IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative...

CVSS 4.9 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2019/11/21 3:15 p.m. · 0 views

CVE-2018-9195

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...

CVSS 5.9 · AI score 5.8 · EPSS 0.00297
Exploits: 2 · References: 1