7 matches found
CVE-2025-46633
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in respons...
Authentication flaw
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security...
ASUS SmartHome Gateway HG100, WS-101 and TS-101 Information Disclosure Vulnerabilities
ASUS SmartHome Gateway HG100 and others are products of ASUS, Taiwan, China.ASUS SmartHome Gateway HG100 is a smart home central control gateway device.ASUS WS-101 is a smart switch sensor.TS-101 is a temperature/humidity sensor. A security vulnerability exists in the ASUS SmartHome Gateway HG100...
Information Disclosure and Denial of Service Vulnerability in Multiple Xiaomi Products
Xiaomi DGNWG03LM and others are products of Xiaomi, a Chinese company.Xiaomi DGNWG03LM is a smart home gateway device.ZNCZ03LM is a smart switch device.MCCGQ01LM is a smart remote control. A security vulnerability exists in multiple Xiaomi products, which stems from a program that does not secure...
CVE-2017-7729
CVE-2017-7729 concerns iSmartAlarm cube devices, where an incorrect access control vulnerability arises because a newly created key is transmitted in cleartext. The issue is documented with a network-attack surface and low attack complexity, resulting in a high impact on integrity (partial) per C...
Dameware Passes Weak File Encryption Key in the Clear
Dameware Mini Remote Control version 4.1.0.0 and presumably other versions pass a Blowfish encryption key over the wire in the clear. It is bad enough that they appear to be using Blowfish in Electronic Codebook Mode; but they compound their errors by the following two vulnerabilities. The Damewa...
Weak DameWare encryption
Weak PRNG is used for symmetric key generation, key is self is sent in cleartext among data...