4 matches found
CVE-2025-41702
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...
CVE-2025-41702 egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...
CVE-2025-41702 egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key...
Welotec多款产品 安全漏洞
Welotec EG400Mk2 series and Welotec EG500Mk2 series are a series of edge IoT computing gateways from Welotec, Germany. A security vulnerability exists in several Welotec products that stems from JWT keys hardcoded in the egOS WebGUI backend, which could lead to bypassing authentication and...