VYPR

CWE-656

Reliance on Security Through Obscurity

Class · Draft

Description

The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (6)

  • CVE-2026-7161 · Critical · May 4, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When…

  • CVE-2026-42363 · Critical · Apr 27, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When…

  • CVE-2024-12297 · Critical · Jan 15, 2025
    risk 0.60 · cvss · epss 0.01

    Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These…

  • CVE-2025-59093 · High · Jan 26, 2026
    risk 0.55 · cvss · epss 0.00

    Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This…

  • CVE-2024-9138 · High · Jan 3, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the…

  • CVE-2025-7020 · Medium · Aug 9, 2025
    risk 0.33 · cvss · epss 0.00

    An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's…