CVE-2024-45837

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-321
View all →

Vulnerability Description

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files.

Related Vulnerabilities

CVE-2020-25231

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses ...

CWE-3212020

CVE-2020-25233

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryp...

CWE-3212020

CVE-2021-27481

MEDIUM
CVSS:5.5(Medium)

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive...

CWE-3212021

CVE-2021-43552

MEDIUM
CVSS:5.5(Medium)

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

CWE-3212021

CVE-2022-34386

MEDIUM
CVSS:5.5(Medium)

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user co...

CWE-3212022

CVE-2024-11308

MEDIUM
CVSS:5.5(Medium)

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

CWE-3212024