10 matches found
CVE-2025-34500
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...
CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...
SolarWinds Serv-U FTP Server Authorization Issue Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. SolarWinds Serv-U FTP Server suffers from an authorization issue vulnerability that stems from the deployment of a common encryption key across all of its instances resulting in an...
PT-2022-10455 · Rhinosoft · Serv-U Ftp Server
Name of the Vulnerable Software and Affected Versions: Serv-U FTP Server (affected versions not specified). Description: A common encryption key is used across all deployed instances of the software. This allows an attacker to recover an encrypted value to plaintext if it is exposed. Recommendations...
SonicWall Secure Mobile Access (SMA) 12.4.x < 12.4.1-02994 Multiple Vulnerabilities (SNWLID-2022-0009)
The remote host is a SonicWall Secure Mobile Access SMA device that may be affected by multiple vulnerabilities: - SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. CVE-2022-1701 - SonicWall SMA1000 series firmwa...
CVE-2022-1701
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data...
CVE-2019-18832
Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...
CVE-2018-8902
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include...
Design/Logic Flaw
IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key...
CVE-2013-4869
Cisco Unified Communications Manager CUCM 7.1x through 9.12 and the IM & Presence Service in Cisco Unified Presence Server through 9.12 use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat...