19 matches found
CVE-2021-27328
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the use of a static extractable password in the firmware update ZIP file, potentially allowing the firmware to be...
EUVD-2025-16691
Malicious code in bioql PyPI...
CVE-2025-49164
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...
CVE-2025-49164
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...
Arris VIP1113 安全漏洞
The Arris VIP1113 is a set-top box for HD IPTV services from Arris USA. A security vulnerability exists in the Arris VIP1113 version 2025-05-30 and earlier, which stems from a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...
CVE-2025-49164
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...
CVE-2025-49164
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...
CVE-2025-49164
CVE-2025-49164 affects Arris VIP1113 devices using the KreaTV SDK. The root issue is exposure of the firmware decryption key: cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a. Documented scope indicates vulnerability through 2025-05-30; exploitation status is not provided in the s...
CVE-2024-50690
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates...
SunGrow WiNet-S 安全漏洞
SunGrow WiNet-S is a LAN communication module from SunGrow, China. A security vulnerability exists in SunGrow WiNet-S version V200.001.00.P027 and prior versions, which can be exploited by an attacker to decrypt all firmware updates...
PT-2024-22296 · Image Access Gmbh · Scan2Net
Name of the Vulnerable Software and Affected Versions: Application affected versions not specified Description: The issue concerns the application's use of several hard-coded credentials. These credentials are used for encrypting config files during backup and decrypting new firmware during...
Image Access Scan2Net 安全漏洞
Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from the application's use of multiple hard-coded credentials to encrypt configuration...
Siemens CPCI85 Central Processing 安全漏洞
The SICAM A8000 RTU Remote Terminal Unit is a modular device for remote control and automation applications in all areas of energy supply. A firmware decryption vulnerability exists in the Siemens SICAM A8000 CP-8031 and CP-8050 due to the fact that the affected devices contain a secure element...
Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal
Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3 This is a Proof of Concept for CVE-2021-27328 Example to get firmware decrypting password http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmwaredetect to get /etc/paswd...
CVE-2021-27328
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...
CVE-2021-27328
The CVE-2021-27328 entry affects Yeastar NeoGate TG400 91.3.0.3 and is confirmed via multiple connected sources as a Directory Traversal vulnerability. An authenticated user can traverse paths to decrypt firmware and read sensitive files (e.g., firmware password/decryption key). Public PoCs and d...
Circle with Disney Firmware Update Signature Check Bypass Vulnerability(CVE-2017-2898)
Summary An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series...
Hacker Publishes iOS Secure Enclave Firmware Decryption Key
A hacker Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor SEP firmware. The hacker, identified only as xerub, told Threatpost that the key unlocks only the SEP firmware, and that this would not impact user data. “Everybody can look and poke a...