CWE-321
Use of Hard-coded Cryptographic Key
VariantDraftLikelihood: High
Description
The product uses a hard-coded, unchangeable cryptographic key.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (106)
page 6 of 6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5420 | Low | 0.16 | 2.5 | 0.00 | Apr 2, 2026 | A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of hard-coded cryptographic key . Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-5310 | Low | 0.16 | 2.5 | 0.00 | Apr 1, 2026 | A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is publicly available and might be used. Upgrading to version 8.7.4 will fix this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |
| CVE-2026-44278 | Low | 0.15 | 2.3 | 0.00 | May 12, 2026 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here> | |
| CVE-2025-6666 | Low | 0.13 | 2.0 | 0.00 | Nov 29, 2025 | A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2014-5403 | 0.00 | — | 0.01 | Apr 3, 2015 | Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. | ||
| CVE-2014-5419 | 0.00 | — | 0.01 | Jan 17, 2015 | GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. |