CVE-2019-19753

CRITICAL Year: 2019
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-321
View all →

Vulnerability Description

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using public IPv4.

Related Vulnerabilities

CVE-2019-7594

CRITICAL
CVSS:9.1(Critical)

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).

CWE-3212019

CVE-2022-29830

CRITICAL
CVSS:9.1(Critical)

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later ...

CWE-3212022

CVE-2024-1631

CRITICAL
CVSS:9.1(Critical)

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key....

CWE-3212024

CVE-2025-30095

CRITICAL
CVSS:9.0(Critical)

VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker...

CWE-3212025

CVE-2020-7846

HIGH
CVSS:8.8(High)

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag...

CWE-3212020

CVE-2021-27392

HIGH
CVSS:8.8(High)

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Vi...

CWE-3212021