Total
145 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24860 | 1 Databasir Project | 1 Databasir | 2024-11-21 | 7.4 High |
| Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses. | ||||
| CVE-2022-23650 | 1 Gravitl | 1 Netmaker | 2024-11-21 | 7.2 High |
| Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds. | ||||
| CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2024-11-21 | 9.8 Critical |
| The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | ||||
| CVE-2022-21199 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-11-21 | 5.9 Medium |
| An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
| CVE-2022-20868 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2024-11-21 | 4.7 Medium |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | ||||
| CVE-2022-20773 | 1 Cisco | 1 Umbrella | 2024-11-21 | 7.5 High |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. | ||||
| CVE-2022-1701 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-11-21 | 7.5 High |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | ||||
| CVE-2022-1400 | 1 Device42 | 1 Cmdb | 2024-11-21 | 7.1 High |
| Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | ||||
| CVE-2022-0664 | 1 Gravitl | 1 Netmaker | 2024-11-21 | 9.8 Critical |
| Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. | ||||
| CVE-2021-4228 | 1 Lannerinc | 2 Iac-ast2500, Iac-ast2500 Firmware | 2024-11-21 | 5.8 Medium |
| Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. | ||||
| CVE-2021-43587 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | 8.2 High |
| Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges. | ||||
| CVE-2021-43552 | 1 Philips | 1 Patient Information Center Ix | 2024-11-21 | 6.1 Medium |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. | ||||
| CVE-2021-40119 | 1 Cisco | 1 Policy Suite | 2024-11-21 | 9.8 Critical |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | ||||
| CVE-2021-38461 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 8.2 High |
| The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | ||||
| CVE-2021-32520 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 9.8 Critical |
| Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | ||||
| CVE-2021-27481 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.5 Medium |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | ||||
| CVE-2021-27392 | 1 Siemens | 1 Siveillance Video Open Network Bridge | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server. | ||||
| CVE-2021-27389 | 1 Siemens | 2 Opcenter Quality, Qms Automotive | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection. | ||||
| CVE-2021-23842 | 1 Bosch | 5 Access Management System, Access Professional Edition, Amc2 and 2 more | 2024-11-21 | 5.7 Medium |
| Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet. | ||||
| CVE-2021-0266 | 1 Juniper | 2 Csrx, Junos | 2024-11-21 | 8.1 High |
| The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. | ||||