
561 matches found

Cvelist
added 2017/04/06 9:0 p.m. | 19 views

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

AI score: 9.4 | EPSS: 0.0027
Exploits: 0 | References: 3
CVE
added 2017/04/06 9:0 p.m. | 70 views

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Modicon TM221CE16R 1.3.3.3 contain a hardcoded cryptographic key used to AES-CBC encrypt project files; the fixed key (SoMachineBasicSoMachineBasicSoMa) cannot be changed, allowing decrypted data to reveal the user password and enable opening/modifyi...

CVSS: 10 | AI score: 9.3 | EPSS: 0.0027
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2017/04/06 9:0 p.m. | 2 views

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

AI score: 7.2 | EPSS: 0.0027
Exploits: 0 | References: 3
Positive Technologies
added 2017/04/06 12:0 a.m. | 5 views

PT-2017-17809

Name of the Vulnerable Software and Affected Versions: Schneider Electric SoMachine Basic version 1.4 SP1; Schneider Electric Modicon TM221CE16R version 1.3.3.3. Description: The issue concerns a hardcoded-key vulnerability in the Project Protection feature, which is used to prevent unauthorized acce...

CVSS: 10 | AI score: 7.3 | EPSS: 0.0027
Exploits: 0 | References: 7
OSV
added 2017/01/09 5:59 p.m. | 1 views

CVE-2016-10125

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00767
Exploits: 1 | References: 2
OSV
added 2016/12/14 10:59 p.m. | 2 views

CVE-2016-3685

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00044
Exploits: 1 | References: 4
NVD
added 2016/08/26 7:59 p.m. | 10 views

CVE-2016-5683

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00346
Exploits: 0 | References: 2
OSV
added 2016/08/26 7:59 p.m. | 2 views

CVE-2016-5683

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

CVSS: 7.8 | AI score: 5.8
Exploits: 0 | References: 2
Cvelist
added 2016/08/26 7:0 p.m. | 18 views

CVE-2016-5683

ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQLConfig.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file...

AI score: 7.8 | EPSS: 0.00346
Exploits: 0 | References: 2
NVD
added 2016/06/20 1:59 a.m. | 20 views

CVE-2015-8288

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00586
Exploits: 0 | References: 2
Cvelist
added 2016/06/20 1:0 a.m. | 39 views

CVE-2015-8288

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

AI score: 6.1 | EPSS: 0.00586
Exploits: 0 | References: 2
OSV
added 2016/05/29 10:59 p.m. | 3 views

CVE-2016-1404

Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0016
Exploits: 0 | References: 2
NVD
added 2015/12/27 3:59 a.m. | 28 views

CVE-2015-8252

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00497
Exploits: 1 | References: 2
CVE
added 2015/12/27 2:0 a.m. | 46 views

CVE-2015-8252

The CVE-2015-8252 issue affects RSI Video Technologies Videofied Frontel protocol (pre-3). The vulnerability stems from a pre-shared key that is entirely derived from the device serial number, which is transmitted in clear text. An attacker can sniff the network, recover the device serial number,...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00497
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2015/12/27 2:0 a.m. | 15 views

CVE-2015-8252

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

AI score: 5.8 | EPSS: 0.00497
Exploits: 1 | References: 2
Packet Storm
added 2015/07/17 12:0 a.m. | 54 views

Impero Education Pro Remote Command Execution

/ If you're unsure what Impero is, it's essentially a corporate/educational RAT. Vendor site: https://www.imperosoftware.co.uk/ They recently were in the news about how they implemented "anti-radicalisation" shit or something. They had a booth at BETT back in January. They gave out donuts. Those...

AI score: 0.2
Exploits: 0
CVE
added 2015/06/09 2:0 p.m. | 50 views

CVE-2015-4080

CVE-2015-4080 affects the Kankun Smart Socket device and its mobile app. The vulnerability stems from a hardcoded AES-256 key used to encrypt communications, enabling remote attackers on the local network to sniff traffic and potentially encrypt messages to gain access to the device. Public sourc...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.00666
Exploits: 1 | References: 4 | Affected Software: 1
Packet Storm
added 2015/06/08 12:0 a.m. | 62 views

Kankun Smart Socket / Mobile App Hardcoded AES Key

Hi List, Vulnerability: Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App. Vulnerability Description: The kankun smart socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between th...

CVSS: 6.8 | EPSS: 0.00666
Exploits: 1
NVD
added 2014/07/07 11:1 a.m. | 12 views

CVE-2014-2198

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation o...

CVSS: 10 | AI score: 6.6 | EPSS: 0.02197
Exploits: 0 | References: 5
seebug.org
added 2014/02/20 12:0 a.m. | 41 views

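Belkin Wemo Home Automation Hardcoded Key Vulnerability

BUGTRAQ ID: 65624 CVECAN ID: CVE-2013-6952 Belkin Wemo Home Automation devices are a product line for remote control of home appliances. Belkin Wemo Home Automation firmware contains a hardcoded key and password, which remote attackers can use to sign malicious firmware. 0 Belkin Wemo Home Automation The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...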

CVSS: 10 | AI score: 6.5 | EPSS: 0.05671
Exploits: 1