CWE-321
Use of Hard-coded Cryptographic Key
The product uses a hard-coded, unchangeable cryptographic key.
CVE-2025-38741 (GCVE-0-2025-38741)
Vulnerability from cvelistv5 – Published: 2025-08-04 18:22 – Updated: 2025-08-05 15:47
Summary
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
Severity
7.5 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00034008… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Dell | Enterprise SONiC OS | Affected: 4.5.0 , < 4.5.0a (semver) |
Date Public
2025-08-01 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T15:47:31.600205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T15:47:36.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise SONiC OS",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.5.0a",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-01T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.\u003c/span\u003e"
}
],
"value": "Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T18:22:00.580Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000340083/dsa-2025-275-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-38741",
"datePublished": "2025-08-04T18:22:00.580Z",
"dateReserved": "2025-04-16T05:03:52.415Z",
"dateUpdated": "2025-08-05T15:47:36.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40946 (GCVE-0-2025-40946)
Vulnerability from cvelistv5 – Published: 2026-05-12 08:20 – Updated: 2026-05-12 12:43
Summary
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0 TL3-60.0 TL3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet gridsafe 110 TL3-S (All versions < V3.91), blueplanet gridsafe 137 TL3-S (All versions < V3.91), blueplanet gridsafe 92.0 TL3-S (All versions < V3.91), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). A CRC16-based algorithm for generating Technical Service credentials could allow an attacker to derive the credentials from the device's serial number and misuse them to gain unauthorized access.
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
References
1 reference
Impacted products
30 products
| Vendor | Product | Version |
|---|---|---|
| Siemens | blueplanet 100 NX3 M8 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 100 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet 105 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 105 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet 110 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 125 NX3 M11 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 125 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 125 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet 137 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 150 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 150 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet 155 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 155 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet 165 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 165 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet 25.0 NX3-33.0 NX3 | Unaffected: 0 , < * (custom) |
| Siemens | blueplanet 3.0 NX3-20.0 NX3 | Unaffected: 0 , < * (custom) |
| Siemens | blueplanet 3.0 TL3-60.0 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 3.0-5.0 NX1 | Unaffected: 0 , < * (custom) |
| Siemens | blueplanet 360 NX3 M6 | Unaffected: 0 , < * (custom) |
| Siemens | blueplanet 50.0 NX3-60.0 NX3 | Unaffected: 0 , < * (custom) |
| Siemens | blueplanet 87.0 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 87.0 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet 92.0 TL3 | Affected: 0 , < * (custom) |
| Siemens | blueplanet 92.0 TL3 GEN2 | Affected: 0 , < V6.1.4.9 (custom) |
| Siemens | blueplanet gridsafe 110 TL3-S | Affected: 0 , < V3.91 (custom) |
| Siemens | blueplanet gridsafe 137 TL3-S | Affected: 0 , < V3.91 (custom) |
| Siemens | blueplanet gridsafe 92.0 TL3-S | Affected: 0 , < V3.91 (custom) |
| Siemens | blueplanet hybrid 10.0 TL3 | Unaffected: 0 , < * (custom) |
| Siemens | blueplanet hybrid 6.0 NH3-12.0 NH3 | Unaffected: 0 , < * (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:43:03.238502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:43:12.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "blueplanet 100 NX3 M8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 100 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 105 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 105 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 110 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 125 NX3 M11",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 125 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 125 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 137 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 150 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 150 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 155 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 155 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 165 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 165 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 25.0 NX3-33.0 NX3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 3.0 NX3-20.0 NX3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 3.0 TL3-60.0 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 3.0-5.0 NX1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 360 NX3 M6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 50.0 NX3-60.0 NX3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 87.0 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 87.0 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 92.0 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet 92.0 TL3 GEN2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet gridsafe 110 TL3-S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.91",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet gridsafe 137 TL3-S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.91",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet gridsafe 92.0 TL3-S",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.91",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet hybrid 10.0 TL3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "blueplanet hybrid 6.0 NH3-12.0 NH3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0 TL3-60.0 TL3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions \u003c V6.1.4.9), blueplanet gridsafe 110 TL3-S (All versions \u003c V3.91), blueplanet gridsafe 137 TL3-S (All versions \u003c V3.91), blueplanet gridsafe 92.0 TL3-S (All versions \u003c V3.91), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). A CRC16-based algorithm for generating Technical Service credentials could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:20:50.525Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-545643.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40946",
"datePublished": "2026-05-12T08:20:50.525Z",
"dateReserved": "2025-04-16T09:06:15.879Z",
"dateUpdated": "2026-05-12T12:43:12.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41702 (GCVE-0-2025-41702)
Vulnerability from cvelistv5 – Published: 2025-08-26 06:10 – Updated: 2025-08-26 19:39
Title
egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
Summary
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of a hard-coded cryptographic key.
Severity
9.8 (Critical)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
References
1 reference
Impacted products
25 products
| Vendor | Product | Version |
|---|---|---|
| Welotec | EG400Mk2-D11001-000101 | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG400Mk2-D11101-000101 | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG503W | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG503L | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG503W_4GB | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG503L_4GB | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG503L-G | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-A11101-000101 | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-A11001-000101 | Affected: 0.0.0 , < v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-B11101-000101 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-B11001-000101 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-C11101-000101 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-C11001-000101 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-A12011-000101 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-A11001-000201 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG500Mk2-A21101-000101 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG602W | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG602L | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG603W Mk2 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG603L Mk2 | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG802W | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG804W | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG802W_i7_512GB_DinRail | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG802W_i7_512GB_w/o DinRail | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
| Welotec | EG804W Pro | Affected: 0.0.0 , < <v1.7.7 (semver); Affected: v1.8.0 , < v1.8.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T19:37:50.695357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T19:39:00.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EG400Mk2-D11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG400Mk2-D11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503W_4GB",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L_4GB",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L-G",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-B11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-B11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-C11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-C11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A12011-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11001-000201",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A21101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG602W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG602L",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG603W Mk2",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG603L Mk2",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG804W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W_i7_512GB_DinRail",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W_i7_512GB_w/o DinRail",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG804W Pro",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.\u003cbr\u003e"
}
],
"value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T06:10:57.464Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-076"
}
],
"source": {
"advisory": "VDE-2025-076",
"defect": [
"CERT@VDE#641843"
],
"discovery": "UNKNOWN"
},
"title": "egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41702",
"datePublished": "2025-08-26T06:10:57.464Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-08-26T19:39:00.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43483 (GCVE-0-2025-43483)
Vulnerability from cvelistv5 – Published: 2025-07-22 23:14 – Updated: 2025-07-23 20:11
Title
Poly Clariti Manager - Multiple Security Vulnerabilities
Summary
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update.
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| HP Inc. | Poly Clariti Manager | Affected: See HP Security Bulletin reference for affected versions. |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T20:10:49.864916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T20:11:12.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Poly Clariti Manager",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cp\u003eA potential security vulnerability has been\nidentified in the Poly Clariti Manager for versions prior to 10.12.1. The\nvulnerability could allow the retrieval of hardcoded cryptographic keys. HP has\naddressed the issue in the latest software update.\u003c/p\u003e\u003c/span\u003e"
}
],
"value": "A potential security vulnerability has been\nidentified in the Poly Clariti Manager for versions prior to 10.12.1. The\nvulnerability could allow the retrieval of hardcoded cryptographic keys. HP has\naddressed the issue in the latest software update."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T23:14:26.801Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Poly Clariti Manager - Multiple Security Vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2025-43483",
"datePublished": "2025-07-22T23:14:26.801Z",
"dateReserved": "2025-04-16T15:25:24.712Z",
"dateUpdated": "2025-07-23T20:11:12.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-44963 (GCVE-0-2025-44963)
Vulnerability from cvelistv5 – Published: 2025-08-04 00:00 – Updated: 2025-11-03 20:04
VLAI
Summary
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
Severity
9 (Critical)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RUCKUS | Network Director | Affected: 0 , < 4.5 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T17:42:54.574636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T17:43:00.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:21.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/613753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Network Director",
"vendor": "RUCKUS",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T16:18:42.903Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/613753"
},
{
"url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
},
{
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44963"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-44963",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:04:21.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-45746 (GCVE-0-2025-45746)
Vulnerability from cvelistv5 – Published: 2025-05-13 00:00 – Updated: 2025-05-21 14:01 Disputed
VLAI
Summary
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft a JWT token using the hardcoded secret to authenticate to the service console. NOTE: the supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.
Severity
6.5 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZKTeco | ZKBio CVSecurity | Affected: 6.4.1_R , < 6.6.0_R (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-45746",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T13:33:46.907349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:01:59.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZKBio CVSecurity",
"vendor": "ZKTeco",
"versions": [
{
"lessThan": "6.6.0_R",
"status": "affected",
"version": "6.4.1_R",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zkteco:zkbio_cvsecurity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.0_R",
"versionStartIncluding": "6.4.1_R",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T03:46:32.465Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2025-45746.md"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-45746",
"datePublished": "2025-05-13T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-05-21T14:01:59.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46582 (GCVE-0-2025-46582)
Vulnerability from cvelistv5 – Published: 2025-10-27 08:44 – Updated: 2025-10-27 15:58
VLAI
Title
Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product
Summary
A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security.
Severity
7.7 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:58:07.247059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:58:25.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZXMP M721",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "ZXMPM721V5.30.020.001P01"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zte:zxmp_m721:zxmpm721v5.30.020.001p01:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA private key disclosure vulnerability exists in ZTE\u0027s ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device\u0027s communication private key, resulting in key exposure and impacting communication security.\u003c/p\u003e"
}
],
"value": "A private key disclosure vulnerability exists in ZTE\u0027s ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device\u0027s communication private key, resulting in key exposure and impacting communication security."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T08:44:49.704Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2594779029512220847"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2025-46582",
"datePublished": "2025-10-27T08:44:49.704Z",
"dateReserved": "2025-04-25T00:28:13.909Z",
"dateUpdated": "2025-10-27T15:58:25.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48417 (GCVE-0-2025-48417)
Vulnerability from cvelistv5 – Published: 2025-05-21 12:30 – Updated: 2025-11-03 20:04
VLAI
Title
Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations
Summary
The certificate and private key used to provide transport layer security for connections to the web interface (TCP port 443) are hard-coded in the firmware and shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates.
Severity
6.5 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://r.sec-consult.com/echarge | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| eCharge Hardy Barth | cPH2 / cPP2 charging stations | Affected: <=2.2.0 | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:51:20.110962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:51:37.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:52.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "cPH2 / cPP2 charging stations",
"vendor": "eCharge Hardy Barth",
"versions": [
{
"status": "affected",
"version": "\u003c=2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stefan Viehb\u00f6ck | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T12:30:08.012Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/echarge"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor has not yet released a patch or communicated a timeline for firmware updates.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The vendor has not yet released a patch or communicated a timeline for firmware updates."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-48417",
"datePublished": "2025-05-21T12:30:08.012Z",
"dateReserved": "2025-05-20T07:34:22.865Z",
"dateUpdated": "2025-11-03T20:04:52.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4876 (GCVE-0-2025-4876)
Vulnerability from cvelistv5 – Published: 2025-05-19 16:04 – Updated: 2025-09-03 16:33
VLAI
Title
Hardcoded Key Revealed in ConnectWise Password Encryption Utility
Summary
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.
Severity
6 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ConnectWise | Risk Assessment | Affected: All versions prior to deprecation (July 2023) | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:48:28.836537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:49:27.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"connectwise-password-encryption-utlity.exe"
],
"product": "Risk Assessment",
"vendor": "ConnectWise",
"versions": [
{
"status": "affected",
"version": "All versions prior to deprecation (July 2023)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joey Melo (jmelo@packetlabs.net)"
},
{
"lang": "en",
"type": "finder",
"value": "Ian Lin (ilin@packetlabs.net)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eused for authenticated network scanning.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files\u00a0used for authenticated network scanning."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Constants Within an Executable"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T16:33:11.971Z",
"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"shortName": "ConnectWise"
},
"references": [
{
"url": "https://github.com/packetlabs/vulnerability-advisory/blob/main/Disclosures/PL-2025-11315/README.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. Partners who still have the deprecated tool on their systems should remove it."
}
],
"value": "ConnectWise deprecated the tool in July 2023 and provided a new utility that does not contain hardcoded keys. The previous tool relied on a third-party utility that required credentials to be stored locally to perform authenticated network scans. Partners who still have the deprecated tool on their systems should remove it."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Key Revealed in ConnectWise Password Encryption Utility",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"assignerShortName": "ConnectWise",
"cveId": "CVE-2025-4876",
"datePublished": "2025-05-19T16:04:34.031Z",
"dateReserved": "2025-05-16T20:18:46.987Z",
"dateUpdated": "2025-09-03T16:33:11.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49164 (GCVE-0-2025-49164)
Vulnerability from cvelistv5 – Published: 2025-06-02 00:00 – Updated: 2025-06-03 01:58
VLAI
Summary
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
Severity
4.3 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T01:57:49.127423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T01:58:00.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VIP1113",
"vendor": "Arris",
"versions": [
{
"lessThanOrEqual": "2025-05-30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T23:42:52.626Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://full-disclosure.eu/reports/2025/FDEU-CVE-2025-1c00-arris-bootloader-shell-injection.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-49164",
"datePublished": "2025-06-02T00:00:00.000Z",
"dateReserved": "2025-06-02T00:00:00.000Z",
"dateUpdated": "2025-06-03T01:58:00.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Prevention schemes mirror those for hard-coded password storage.
No CAPEC attack patterns related to this CWE.