34 matches found

RedhatCVE
added 2026/01/09 9:21 a.m. · 4 views

CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the applysave.cgi endpoint. This issue results from the use of hard-coded...

8.8 CVSS · 7.5 AI score · 0.00084 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 8:36 a.m. · 7 views

CVE-2020-10884

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

8.8 CVSS · 6.8 AI score · 0.19475 EPSS
Exploits: 5 · References: 1

CNNVD
added 2025/10/16 12:0 a.m. · 1 views

Desknets Neo Security Vulnerability

Desknets Neo is a remote office support software from Desknets Japan. A security vulnerability exists in Desknets Neo versions V4.0R1.0 through V9.0R2.0, which stems from the use of a hard-coded encryption key, which could allow an attacker to create a malicious AppSuite application...

5.3 CVSS · 5 AI score · 0.00029 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-4011

Malware in sbrugna...

4.5 CVSS · 4.9 AI score · 0.00027 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2023-41198

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00352 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-24986

Malicious code in bioql PyPI...

7.5 CVSS · 7.7 AI score · 0.00129 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:18 a.m. · 4 views

CVE-2019-5106

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text...

5.5 CVSS · 7.2 AI score · 0.00063 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:18 a.m. · 3 views

CVE-2019-12376

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...

4.5 CVSS · 6.7 AI score · 0.00027 EPSS
Exploits: 1 · References: 1

CNVD
added 2024/11/13 12:0 a.m. · 5 views

Siemens SINEC INS Using Hardcoded Encryption Keys Vulnerability

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...

6.9 CVSS · 6.9 AI score · 0.00414 EPSS
Exploits: 0 · References: 1

CNVD
added 2024/10/28 12:0 a.m. · 4 views

Unspecified Vulnerability in IBM Maximo Application Suite-Monitor Component

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). A security vulnerability exists in IBM Maximo Application Suite-Monitor Component, which stems from the...

5.9 CVSS · 6.2 AI score · 0.00107 EPSS
Exploits: 0 · References: 1

Prion
added 2023/12/15 10:15 a.m. · 10 views

Design/Logic Flaw

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

7.5 CVSS · 7.8 AI score · 0.00515 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/12/15 9:20 a.m. · 39 views

CVE-2023-48392

CVE-2023-48392 affects Kaifa Technology WebITR, an online attendance system. The root cause is use of a hard-coded encryption key that allows an unauthenticated remote attacker to generate valid token parameters, enabling login as an arbitrary user (including administrator) and access to the syst...

9.8 CVSS · 9.7 AI score · 0.00515 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/12/15 9:20 a.m. · 14 views

CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

9.8 CVSS · 9.8 AI score · 0.00515 EPSS
Exploits: 0 · References: 1

CNVD
added 2023/11/15 12:0 a.m. · 22 views

Multiple Siemens products use hard-coded encryption key vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

6.9 CVSS · 6.5 AI score · 0.00156 EPSS
Exploits: 0 · References: 1

NVD
added 2023/07/21 4:15 a.m. · 8 views

CVE-2023-37291

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through...

9.8 CVSS · 9.1 AI score · 0.00352 EPSS
Exploits: 0 · References: 1

OSV
added 2023/07/21 4:15 a.m. · 0 views

CVE-2023-37291

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through...

9.8 CVSS · 5.8 AI score · 0.00352 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/07/21 3:2 a.m. · 12 views

CVE-2023-37291 Galaxy Software Services Vitals ESP - Use of Hard-coded Cryptographic Key

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through...

8.6 CVSS · 7.1 AI score · 0.00352 EPSS
Exploits: 0 · References: 1

CVE
added 2023/07/21 3:2 a.m. · 43 views

CVE-2023-37291

The CVE-2023-37291 issue affects Galaxy Software Services Vitals ESP (versions 3.0.8–6.2.0) where a hard-coded encryption key enables an unauthenticated remote attacker to generate a valid token parameter and gain access to the system to operate processes and access data. This is confirmed across...

9.8 CVSS · 9.1 AI score · 0.00352 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

The Hacker News
added 2022/08/11 9:23 a.m. · 148 views

Critical Flaws Disclosed in Device42 IT Asset Management Software

Cybersecurity researchers have disclosed multiple severe security vulnerabilities in asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain...

2.8 AI score · 0.01174 EPSS
Exploits: 0

Positive Technologies
added 2022/05/12 12:0 a.m. · 1 views

PT-2022-2958 · Sonicwall · Sonicwall Sma1000

Name of the Vulnerable Software and Affected Versions: SonicWall SMA1000 series firmware versions 12.4.0, 12.4.1-02965 and earlier Description: The issue is related to the use of a shared and hard-coded encryption key to store data. This could allow an attacker to disclose protected information...

7.5 CVSS · 7.2 AI score · 0.00129 EPSS
Exploits: 0 · References: 6