578 matches found
CVE-2025-15605 Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
CVE-2025-15605
This CVE affects TP-Link Archer NX200, NX210, NX500, and NX600 models. The root cause is a hardcoded cryptographic key in the configuration encryption mechanism, enabling an attacker (authenticated, adjacent access) to decrypt, modify, and re-encrypt device configuration data, compromising confid...
CVE-2025-15605
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
CVE-2025-15605 Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
PT-2026-27165
Name of the Vulnerable Software and Affected Versions TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 Description A cryptographic key that is hardcoded into the configuration mechanism allows decryption and re-encryption of device configuration data. An...
CVE-2026-33072
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33072
Summary. CVE-2026-33072 affects FileRise, a self-hosted web file manager/WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all crypto operations (HMAC token generation, AES config encryption, and session tokens), enabling an...
CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33072
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
EUVD-2026-13643
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
PT-2026-26589
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key default please change this key is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated...
EUVD-2019-19744
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
PT-2026-24768
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
EUVD-2024-55462
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...
PT-2026-22780
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...
Binardat 10G08-0800GSM 加密问题漏洞
Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM has a security vulnerability related to encryption. This vulnerability stems from the use of a hardcoded key in the RC4 algorithm embedded within the client JavaScript, which may lead...
CVE-2026-22906
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass...