CWE-1394
Use of Default Cryptographic Key
Description
The product uses a default cryptographic key for potentially critical functionality.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48956 | | Cri | 0.65 | 9.8 | 0.01 | | Dec 9, 2024 | Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution. |
| CVE-2025-55049 | — | Cri | 0.59 | 9.1 | 0.00 | | Sep 9, 2025 | Use of Default Cryptographic Key (CWE-1394) |
| CVE-2024-1275 | | Cri | 0.59 | — | 0.00 | | May 31, 2024 | Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation. This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52. |
| CVE-2026-5039 | | Hig | 0.57 | 8.8 | 0.00 | | Apr 23, 2026 | TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to… |
| CVE-2026-20709 | | Med | 0.43 | 6.6 | 0.00 | | Apr 8, 2026 | Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escalation of privilege. Hardware reverse engineer adversary with a privileged user… |
| CVE-2025-1688 | | Med | 0.36 | 5.5 | 0.00 | | Apr 15, 2025 | Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that… |
| CVE-2026-2215 | | Low | 0.24 | 3.7 | 0.00 | | Feb 9, 2026 | A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack… |
| CVE-2026-25815 | | Low | 0.21 | 3.2 | 0.00 | | Feb 5, 2026 | Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position… |