CVE-2024-38532

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-321
View all →

Vulnerability Description

The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its `-t` argument. This issue has been patched in commit 26a7.

Related Vulnerabilities

CVE-2021-23842

HIGH
CVSS:7.1(High)

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic betw...

CWE-3212021

CVE-2023-40464

MEDIUM
CVSS:6.8(Medium)

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between ...

CWE-3212023

CVE-2021-4228

HIGH
CVSS:7.4(High)

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A st...

CWE-3212021

CVE-2021-43587

MEDIUM
CVSS:6.7(Medium)

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to ga...

CWE-3212021

CVE-2017-6054

HIGH
CVSS:7.5(High)

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user informati...

CWE-3212017

CVE-2019-10920

HIGH
CVSS:7.5(High)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a ha...

CWE-3212019