Lucene search
K

7 matches found

OSV
OSV
added 2025/05/01 8:15 p.m.3 views

CVE-2025-46633

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in respons...

8.2CVSS5.8AI score0.00229EPSS
Exploits1References2
Prion
Prion
added 2020/12/11 4:15 p.m.21 views

Authentication flaw

In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security...

5CVSS7.5AI score0.01327EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/12/23 12:0 a.m.3 views

ASUS SmartHome Gateway HG100, WS-101 and TS-101 Information Disclosure Vulnerabilities

ASUS SmartHome Gateway HG100 and others are products of ASUS, Taiwan, China.ASUS SmartHome Gateway HG100 is a smart home central control gateway device.ASUS WS-101 is a smart switch sensor.TS-101 is a temperature/humidity sensor. A security vulnerability exists in the ASUS SmartHome Gateway HG100...

9.8CVSS6.9AI score0.00837EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/23 12:0 a.m.3 views

Information Disclosure and Denial of Service Vulnerability in Multiple Xiaomi Products

Xiaomi DGNWG03LM and others are products of Xiaomi, a Chinese company.Xiaomi DGNWG03LM is a smart home gateway device.ZNCZ03LM is a smart switch device.MCCGQ01LM is a smart remote control. A security vulnerability exists in multiple Xiaomi products, which stems from a program that does not secure...

9.8CVSS7AI score0.01253EPSS
Exploits1References1
CVE
CVE
added 2017/07/11 5:0 p.m.44 views

CVE-2017-7729

CVE-2017-7729 concerns iSmartAlarm cube devices, where an incorrect access control vulnerability arises because a newly created key is transmitted in cleartext. The issue is documented with a network-attack surface and low attack complexity, resulting in a high impact on integrity (partial) per C...

7.5CVSS7.5AI score0.00673EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2004/03/25 12:0 a.m.30 views

Dameware Passes Weak File Encryption Key in the Clear

Dameware Mini Remote Control version 4.1.0.0 and presumably other versions pass a Blowfish encryption key over the wire in the clear. It is bad enough that they appear to be using Blowfish in Electronic Codebook Mode; but they compound their errors by the following two vulnerabilities. The Damewa...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2004/03/25 12:0 a.m.38 views

Weak DameWare encryption

Weak PRNG is used for symmetric key generation, key is self is sent in cleartext among data...

2.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder