VYPR

CWE-321

Use of Hard-coded Cryptographic Key

Variant | Draft | Likelihood: High

Description

The product uses a hard-coded, unchangeable cryptographic key.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (146)

page 5 of 8
  • CVE-2026-50226 | Med | Jun 4, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

  • CVE-2026-8739 | Med | May 17, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefile_key results in use…

  • CVE-2026-8243 | Med | May 10, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key. The attack may be performed from remote.…

  • CVE-2026-5549 | Med | Apr 5, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded…

  • CVE-2026-5527 | Med | Apr 5, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key …

  • CVE-2025-12177 | Med | Nov 8, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthenticated attackers to…

  • CVE-2025-58069 | Med | Sep 23, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session.

  • CVE-2025-6071 | Med | Jul 3, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through…

  • CVE-2026-11505 | Med | Jun 8, 2026
    risk 0.33 | cvss 5.0 | epss 0.00

    A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key. The attack may be launched remotely.…

  • CVE-2025-12615 | Med | Nov 3, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key. The attack may be performed from…

  • CVE-2025-10250 | Med | Sep 11, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local…

  • CVE-2017-9649 | Med | Sep 20, 2017
    risk 0.33 | cvss 5.0 | epss 0.00

    A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary…

  • CVE-2025-60250 | Med | Sep 26, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.

  • CVE-2017-14014 | Med | May 1, 2018
    risk 0.30 | cvss 4.6 | epss 0.00

    Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

  • CVE-2026-7018 | Med | Apr 26, 2026
    risk 0.29 | cvss 5.6 | epss 0.00

    A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a…

  • CVE-2025-13877 | Med | Dec 2, 2025
    risk 0.29 | cvss 5.6 | epss 0.00

    A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument API_KEY results in use of hard-coded…

  • CVE-2025-58426 | Med | Oct 16, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications.

  • CVE-2025-49164 | Med | Jun 3, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.

  • CVE-2023-3371 | Med | Jun 27, 2023
    risk 0.28 | cvss 5.3 | epss 0.01

    The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated…

  • CVE-2025-64304 | Med | Nov 25, 2025
    risk 0.26 | cvss 4.0 | epss 0.00

    "FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.