CVE-2024-25731

The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...

CVE-2024-25731

The CVE-2024-25731 entry concerns the Android app Elink Smart eSmartCam (com.cn.dq.ipc) 2.1.5. The vulnerability is a hardcoded AES encryption key in the binary, enabling an attacker who observes traffic (e.g., over Wi‑Fi) to defeat encryption and potentially access protected data. Supported deta...

PT-2024-1988 · Elinksmart · Esmartcam

Name of the Vulnerable Software and Affected Versions: Elink Smart eSmartCam application version 2.1.5 Description: The issue is related to the use of hardcoded AES encryption keys in the application, which can be extracted from a binary file. This allows an attacker who can observe packet data,...

Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jeemp.c Vulnerability: Cleartext Hardcoded Credentials Description: The...

PT-2024-25690

Name of the Vulnerable Software and Affected Versions man-group/dtale version 3.10.0 Description The issue arises from improper input validation, leading to an authentication bypass and remote code execution RCE. A hardcoded SECRET KEY in the flask configuration allows attackers to forge a sessio...

Hardcoded credentials

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The...

Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on:...

Automatic Systems SOC FL9600 FastLine - Backdoor Account Vulnerability

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on: V06, VersionSVN =...

Automatic-Systems SOC FL9600 FastLine Hardcoded Credentials

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on:...

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

Hardcoded credentials

Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents...

Hardcoded credentials

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sidechannel attacks...

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

Hardcoded credentials

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

CVE-2024-1661 Totolink X6000R shadow hard-coded credentials

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity ...

Hardcoded credentials

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...

Hardcoded credentials

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...

Hardcoded credentials

Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8...

Hardcoded credentials

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit...