24 matches found
EUVD-2026-32277
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...
CVE-2026-35089
Slican telephone exchanges expose admin credentials because the secure key is generated predictably from exchange properties without authentication. CVE-2026-35089 (and CVE-2026-35087) describe an unauthenticated path to deduce the secure key and gain admin access. Remediations (per affected entr...
EUVD-2026-29105
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
CVE-2026-33361
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
Meari IoT SDK 加密问题漏洞
Meari IoT SDK is a software development kit provided by Meari Corporation, aimed at developing applications for smart devices. There are encryption-related vulnerabilities in the Meari IoT SDK. These vulnerabilities stem from the use of a predictable key derivation method to perform reversible XO...
CVE-2026-5039 Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N
TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...
TP-Link TL-WR841N 安全漏洞
The TP-Link TL-WR841N is a router produced by the TP-Link company. The TP-Link TL-WR841N v13 version has a security vulnerability. This vulnerability stems from the use of DES-CBC encryption in the TDDPv2 debugging protocol, where the key is predictable. This could allow unauthorized attackers to...
CVE-2024-58311
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
EUVD-2024-55350
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
CVE-2024-58311
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
CVE-2024-58311
Dormakaba Saflok System 6000 is affected by CVE-2024-58311 due to a predictable key generation algorithm that lets an attacker derive card access keys from a 32-bit card identifier. The underlying issue is a deterministic key derivation process, enabling key computation without requiring addition...
CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
Dormakaba Saflok System 安全漏洞
Dormakaba Saflok System is a hotel access control and security management system from Dormakaba USA. A security vulnerability exists in Dormakaba Saflok System 6000 that stems from a predictable key generation algorithm that could lead to the derivation of card access keys...
PT-2025-50973
Name of the Vulnerable Software and Affected Versions Dormakaba Saflok System 6000 affected versions not specified Description The Dormakaba Saflok System 6000 uses a key generation algorithm that is predictable. This allows attackers to calculate card access keys from a 32-bit unique identifier...
CVE-2025-10745
CVE-2025-10745 affects Banhammer – Monitor Site Traffic, Block Bad Users and Bots (WordPress) up to version 3.4.8. Root cause: a deterministically generated secret key (using md5 and base64_encode) stored in banhammer_secret_key enables unauthenticated bypass by appending a GET parameter banhamme...
Silicon Labs Wi-SUN Stack 安全漏洞
Silicon Labs Wi-SUN Stack is a communications stack from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Wi-SUN Stack that stems from the fact that accidental reception of a 4-Way Handshake packet may result in a predictable key, potentially triggering a man-in-the-middle attac...
ECOVACS robot vacuums 安全漏洞
ECOVACS robot vacuums is a line of vacuum cleaners from the Chinese company ECOVACS. A security vulnerability exists in ECOVACS robot vacuums that stems from insecure Wi-Fi communication using predictable WPA2-PSK...
CVE-2025-43866
Vantage6 Server JWT secret not cryptographically secure: the auto-generated key uses UUID1, which is partially predictable. This exposes potential forgery of security tokens. The issue is fixed in version 4.11.0; upgrading to 4.11.0+ or defining a custom JWT secret in configuration mitigates the ...
CVE-2023-4489
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access...