CVE-2026-35019

NetComm NF20MESH routers with firmware R6B031 and earlier are affected by an authentication bypass in the web management interface. The root cause is a hardcoded AES-256 key used to encrypt session cookies; an attacker can forge a valid encrypted cookie with the shared key to bypass authenticatio...

EUVD-2026-38453

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

MAXHUB Pivot client application 加密问题漏洞

The MAXHUB Pivot client application is a client component of the MAXHUB company’s device management platform. Versions of the MAXHUB Pivot client application prior to 1.36.2 contained an encryption vulnerability. This vulnerability stemmed from the hardcoded AES key within the application. It cou...

EUVD-2018-17564

Malware in sbrugna...

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

CVE-2023-20512

CVE-2023-20512 describes a hardcoded AES key in PMFW that could allow a privileged attacker to access the key and potentially leak internal debug information. Multiple connected sources corroborate PMFW as the affected component and the root cause as a hardcoded key, leading to unauthorized acces...

CVE-2023-21426

The CVE-2023-21426 vulnerability affects Samsung mobile devices running SMR prior to Jan-2023 Release 1, where a hardcoded AES key is used to encrypt card emulation PINs in NFC. The root cause is the hardcoded key in the NFC card emulation workflow, enabling local attackers to access cardemulatio...

Cellebrite EPR Decryption Hardcoded AES Key Material Vulnerability

The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of...

CVE-2014-4875

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server BOSS DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access...

CVE-2014-4875

CVE-2014-4875 : In Toshiba CHEC, the CreateBossCredentials.jar file in versions before 6.6 build 4014 and before 6.7 build 4329 contains a hard-coded AES key, enabling an attacker with access to bossinfo.pro to decrypt and obtain the BOSS DB2 credentials. The risk materializes as the potential di...

CVE-2014-4875

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server BOSS DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access...