Lucene search

563 matches found

CVE
added 2023/06/01 12:0 a.m. · 53 views

CVE-2023-28937

DataSpider Servista 4.4 and earlier is affected by a vulnerability where a cryptographic key is hard-coded into ScriptRunner and ScriptRunner for Amazon SQS. If an attacker with access to a target DataSpider Servista instance can obtain a Launch Settings file, they may operate with the user’s enc...

CVSS 8.8 · AI score 8.6 · EPSS 0.00634
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2023/02/09 7:15 p.m. · 2 views

CVE-2023-21426

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN...

CVSS 5.5 · AI score 6.1 · EPSS 0.00054
Exploits: 0 · References: 1

Positive Technologies
added 2023/02/09 12:0 a.m. · 2 views

PT-2023-18193 · Smr · Smr

Name of the Vulnerable Software and Affected Versions: SMR versions prior to Jan-2023 Release 1 Description: A hardcoded AES key is used to encrypt card emulation PINs in NFC, allowing attackers to access the PIN. Recommendations: For versions prior to Jan-2023 Release 1, update to Jan-2023 Relea...

CVSS 5.5 · AI score 5.4 · EPSS 0.00054
Exploits: 0 · References: 2

Positive Technologies
added 2022/12/12 12:0 a.m. · 4 views

PT-2022-6464 · Mgt Commerce · Mgt-Commerce Cloudpanel

Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE CloudPanel version 2.2.0 Description: The issue is related to the use of a static SSL certificate with a hardcoded cryptographic key in MGT-COMMERCE CloudPanel, which is shared across every installation. This could allow a remote...

CVSS 8.1 · AI score 8 · EPSS 0.00176
Exploits: 1 · References: 11

Positive Technologies
added 2022/11/09 12:0 a.m. · 4 views

PT-2022-10357 · Kaden · Kaden Picoflux Air

Name of the Vulnerable Software and Affected Versions: Kaden PICOFLUX AiR water meter affected versions not specified Description: The issue allows an adversary to read values from the device through wireless M-Bus mode 5, utilizing a hardcoded shared key, provided they are adjacent to the device...

CVSS 6.5 · AI score 6.3 · EPSS 0.00174
Exploits: 0 · References: 3

Positive Technologies
added 2022/11/02 12:0 a.m. · 3 views

PT-2022-5475 · Cisco · Cisco Email Security Appliance +2

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance (affected versions not specified); Cisco Secure Email and Web Manager (affected versions not specified); Cisco Secure Web Appliance (affected versions not specified). Description: The issue is related to the use of a...

CVSS 9 · AI score 8.4 · EPSS 0.0029
Exploits: 0 · References: 9

Positive Technologies
added 2022/10/11 12:0 a.m. · 3 views

PT-2022-5444 · Microsoft · Windows Portable Device Enumerator Service +1

Name of the Vulnerable Software and Affected Versions: Windows Portable Device Enumerator Service affected versions not specified Description: The issue is related to the use of a hardcoded cryptographic key in the Windows Portable Device Enumerator Service. This could allow an attacker to bypass...

CVSS 6.6 · AI score 9.4 · EPSS 0.00692
Exploits: 0 · References: 9

Positive Technologies
added 2022/10/10 12:0 a.m. · 4 views

PT-2022-5021 · Dell · Dell Enterprise Sonic Os

Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.0.0 through 4.0.1 Description: The issue is related to a cryptographic key vulnerability in SSH, where an unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorize...

CVSS 7.8 · AI score 7.4 · EPSS 0.00491
Exploits: 0 · References: 3

OSV
added 2022/09/29 3:15 a.m. · 3 views

CVE-2020-15340

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

NVD
added 2022/07/28 3:15 p.m. · 8 views

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

CVSS 9.8 · EPSS 0.0024
Exploits: 0 · References: 1

OSV
added 2022/07/28 3:15 p.m. · 2 views

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

CVSS 9.8 · AI score 5.8 · EPSS 0.0024
Exploits: 0 · References: 1

CVE
added 2022/07/28 2:19 p.m. · 68 views

CVE-2021-22644

CVE-2021-22644 is part of a set of vulnerabilities in Ovarro TBox/TWinSoft. The TWinSoft software uses a custom hardcoded user “TWinSoft” with a hardcoded key, enabling attackers to extract the hardcoded cryptographic key (CVE-2021-22644) and, with other flaws (CVE-2021-22646, CVE-2021-22648, CVE...

CVSS 9.8 · AI score 8.7 · EPSS 0.0024
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/07/28 12:0 a.m. · 4 views

PT-2022-9259 · Ovarro · Ovarro Tbox Twinsoft

Name of the Vulnerable Software and Affected Versions: Ovarro TBox TWinSoft affected versions not specified Description: The issue concerns the use of a custom hardcoded user TWinSoft with a hardcoded key in Ovarro TBox TWinSoft. Recommendations: At the moment, there is no information about a new...

CVSS 9.8 · AI score 9.3 · EPSS 0.0024
Exploits: 0 · References: 3

NVD
added 2022/07/26 11:15 p.m. · 17 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...

CVSS 9.8 · EPSS 0.00174
Exploits: 0 · References: 2

OSV
added 2022/07/20 5:15 p.m. · 2 views

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1

ATTACKERKB
added 2022/07/20 5:15 p.m. · 1 views

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVSS 9.8 · AI score 5.9 · EPSS 0.42928
Exploits: 1 · References: 3

Positive Technologies
added 2022/07/20 12:0 a.m. · 5 views

PT-2022-21982

Name of the Vulnerable Software and Affected Versions: Wavlink WN530HG4 version M30HG4.V5030.191116 Description: A hardcoded encryption/decryption key was found in the configuration files of the affected device, specifically at the /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh location. This...

CVSS 9.8 · AI score 6.4 · EPSS 0.42928
Exploits: 1 · References: 5

ATTACKERKB
added 2022/07/13 10:15 p.m. · 4 views

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file...

CVSS 9.8 · AI score 7.8 · EPSS 0.01773
Exploits: 1 · References: 2

OSV
added 2022/07/13 10:15 p.m. · 2 views

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file...

CVSS 9.8 · AI score 6.1 · EPSS 0.01773
Exploits: 1 · References: 1

Cvelist
added 2022/07/13 9:22 p.m. · 16 views

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file...

AI score 9.9 · EPSS 0.01773
Exploits: 1 · References: 1