561 matches found

Positive Technologies
added 2024/06/14 12:0 a.m. · 3 views

PT-2024-21694 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers (affected versions not specified). Description: The issue concerns Toshiba printers that have programs containing a hardcoded key used for file encryption. An attacker can exploit this by using the hardcoded key to decrypt...

6.2 CVSS · 6.9 AI score · 0.00062 EPSS
Exploits 1 · References 7
NVD
added 2024/05/28 5:15 p.m. · 6 views

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...

7.5 CVSS · 6.8 AI score · 0.00341 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/28 12:0 a.m. · 2 views

PT-2024-26442 · Anpviz · Anpviz

Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower. Description: The issue allows unauthenticated users to download the running configuration of the device via a HTTP GET request to "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...

7.5 CVSS · 6.9 AI score · 0.00341 EPSS
Exploits 0 · References 3
NVD
added 2024/04/28 11:15 p.m. · 12 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

8.8 CVSS · 8.9 AI score · 0.00621 EPSS
Exploits 1 · References 5
OSV
added 2024/04/28 11:15 p.m. · 3 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

8.8 CVSS · 5.8 AI score · 0.00621 EPSS
Exploits 1 · References 5
Vulnrichment
added 2024/04/28 12:0 a.m. · 10 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

8.8 CVSS · 7.1 AI score · 0.00621 EPSS
Exploits 1 · References 4
Cvelist
added 2024/04/28 12:0 a.m. · 16 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...

8.8 CVSS · 9 AI score · 0.00621 EPSS
Exploits 1 · References 4
CVE
added 2024/04/28 12:0 a.m. · 104 views

CVE-2024-33891

CVE-2024-33891 (Delinea Secret Server): Affects Secret Server versions prior to 11.7.000001. The issue enables authentication bypass via the SOAP API at SecretServer/webservices/SSWebService.asmx, linked to a hardcoded key, the Admin user being represented as the integer 2, and removal of the oa...

8.8 CVSS · 7.1 AI score · 0.00621 EPSS
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2024/04/19 12:0 a.m. · 1 views

Broadcom Brocade SANnav Trust Management Issue Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which stems from the fact that the SSH key within the OVA image is hardcoded and is the same in the VM every time SANnav is...

7.5 CVSS · 9.2 AI score · 0.00124 EPSS
Exploits 0 · References 2
OSV
added 2024/02/23 11:15 p.m. · 2 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

9.8 CVSS · 5.8 AI score · 0.00205 EPSS
Exploits 1 · References 3
NVD
added 2024/02/23 11:15 p.m. · 12 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

9.8 CVSS · 6.5 AI score · 0.00205 EPSS
Exploits 1 · References 3
Cvelist
added 2024/02/23 12:0 a.m. · 17 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

6.8 AI score · 0.00205 EPSS
Exploits 1 · References 2
OSV
added 2024/01/12 3:15 p.m. · 2 views

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

7.5 CVSS · 5.8 AI score · 0.00082 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/01/12 12:0 a.m. · 2 views

PT-2024-13713 · Hongdian · H8951-4G-Esp +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows for the download of configuration backups without proper authorization. These backups contain passwords that can be decrypted using a...

9.8 CVSS · 7.3 AI score · 0.00082 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2024/01/08 12:0 a.m. · 30 views

Siemens SCALANCE Family Products Use of Hard-Coded Cryptographic Key (CVE-2023-44318)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU, RUGGEDCOM RM1224 LTE4G NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router Annex A, SCALANCE M812-1 ADSL-Router Annex B, SCALANCE M816-1 ADSL-Router Annex A, SCALANCE M816-1 ADSL-Router Annex B, SCALANCE M826-2 SHDSL-Router, SCALANC...

6.9 CVSS · 6.5 AI score · 0.00156 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2023/12/27 9:15 p.m. · 0 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

6.3 CVSS · 5.9 AI score · 0.00025 EPSS
Exploits 1 · References 2
OSV
added 2023/12/27 9:15 p.m. · 1 views

CVE-2023-46919

Phlox com.phlox.simpleserver aka Simple HTTP Server 1.8 and com.phlox.simpleserver.plus aka Simple HTTP Server PLUS 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K AES encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it...

6.3 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/12/27 12:0 a.m. · 2 views

PT-2023-30262 · Phlox · Simple Http Server Plus +1

Name of the Vulnerable Software and Affected Versions: Phlox com.phlox.simpleserver aka Simple HTTP Server version 1.8; com.phlox.simpleserver.plus aka Simple HTTP Server PLUS version 1.8.1-plus. Description: The issue is related to a hardcoded encryption key, specifically aKySWb2jjrr4dzkYXczKRt7K,...

6.3 CVSS · 6.4 AI score · 0.00025 EPSS
Exploits 1 · References 5
Github Security Blog
added 2023/12/19 11:37 p.m. · 32 views

Authentication bypass vulnerability in navidrome's subsonic endpoint

Summary: A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited o...

8.6 CVSS · 7.7 AI score · 0.00303 EPSS
Exploits 1 · References 4 · Affected Software 1
ICS
added 2023/12/12 12:0 a.m. · 59 views

Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

6.9 CVSS · 7.8 AI score · 0.00481 EPSS
Exploits 0 · References 10