CWE-321: CWE-321
All CWE-321 CVEs (100)
A low-privileged user can bypass authorization checks in ZTE's ZXMP M721 product to view the device's communication private key. This exposes cryptogr... (Oct 27, 2025)
CVE-2024-56429 is a hard-coded cryptographic key vulnerability in iTech iLabClient 3.7.1 that allows local users to read or write to the application's... (May 21, 2025)
CVE-2024-31410 allows attackers to impersonate any client in CyberPower PowerPanel management systems due to hard-coded cryptographic keys in device c... (May 15, 2024)
This vulnerability in Binardat 10G08-0800GSM network switches allows attackers to decrypt protected data due to the use of RC4 encryption with a hard-... (Feb 24, 2026)
Apache Syncope versions before 3.0.15 and 4.0.3 use a hard-coded AES encryption key for password storage when configured to encrypt passwords in the d... (Nov 24, 2025)
Keysight Ixia Vision devices contain hardcoded cryptographic material that could allow attackers to intercept or decrypt API calls and user authentica... (Sep 30, 2025)
Vasion Print (formerly PrinterLogic) contains hardcoded encryption keys in its application containers, allowing attackers who can access the filesyste... (Sep 29, 2025)
Dell Enterprise SONiC OS version 4.5.0 has a cryptographic key vulnerability in SSH that allows unauthenticated remote attackers to potentially gain u... (Aug 4, 2025)
AudioCodes OVOC versions before 8.4.582 use a hard-coded cryptographic key, allowing attackers to decrypt sensitive data like passwords from topology ... (Feb 7, 2025)
This vulnerability allows an unauthenticated remote attacker to impersonate a Cisco Catalyst Center appliance due to a static SSH host key. Attackers ... (Sep 25, 2024)
This vulnerability allows attackers to intercept and manipulate TLS communications between Cisco iNode Manager and intelligent nodes due to hard-coded... (Jul 17, 2024)
Triangle MicroWorks SCADA Data Gateway contains a hard-coded cryptographic key and certificate vulnerability that allows remote attackers to decrypt s... (May 3, 2024)
This CVE describes a hard-coded cryptographic key vulnerability in SonicWall GMS and Analytics products. Attackers who discover the embedded key could... (Jul 13, 2023)
SonicWall SMA1000 series appliances use a shared hard-coded encryption key to store sensitive data, allowing attackers who gain access to encrypted da... (May 13, 2022)
CVE-2025-55112 allows attackers to decrypt network traffic between Control-M/Agent and Server when Blowfish encryption is configured, due to a hardcod... (Sep 16, 2025)
The Civi WordPress theme contains hard-coded LinkedIn API credentials in all versions up to 2.1.4, allowing unauthenticated attackers to extract sensi... (Mar 14, 2025)
This vulnerability in Rockwell Automation's FactoryTalk System Services allows local authenticated non-admin users to generate administrator cookies u... (Jun 13, 2023)
CVE-2022-23650 is a hard-coded cryptographic key vulnerability in Netmaker server components that allows attackers with knowledge of the admin usernam... (Feb 18, 2022)
CVE-2026-2103 is a hard-coded cryptographic key vulnerability in Infor SyteLine ERP that allows attackers to decrypt stored credentials including pass... (Feb 6, 2026)
EisBaer Scada uses hard-coded cryptographic keys, allowing attackers to decrypt sensitive data or forge communications. This affects all systems runni... (Oct 25, 2023)
AMI SPx BMC firmware contains hard-coded cryptographic keys and certificates, allowing attackers to potentially decrypt sensitive data, impersonate le... (Jul 5, 2023)
A vulnerability in Gardyn 4 allows remote attackers with the corresponding SSH private key to gain root access to affected devices. This affects all G... (Jul 25, 2025)
Arcade MCP versions before 1.5.4 use a hardcoded default worker secret ('dev') that is never validated during server startup. This allows unauthentica... (Dec 2, 2025)
NeuVector containers had a hard-coded cryptographic key in source code that was replaced with the actual secret key at compile time. This allows attac... (Oct 30, 2025)
A hard-coded cryptographic key vulnerability in ABB RMC-100 and RMC-100 LITE devices allows attackers to bypass REST interface authentication when the... (Jul 3, 2025)
CVE-2025-45746 allows unauthenticated attackers to craft valid JWT tokens using a hardcoded secret, enabling authentication bypass to the ZKT ZKBio CV... (May 13, 2025)
Vanilla OS 2 Core image v1.1.0 contains static SSH keys, enabling attackers to perform man-in-the-middle attacks during SSH connections. This vulnerab... (Jan 13, 2026)
ECOVACS robot vacuums and base stations use a predictable WPA2-PSK that can be easily derived, allowing attackers to join the local Wi-Fi network. Thi... (Sep 5, 2025)
ECOVACS robot lawn mowers and vacuums use a static, shared secret key to encrypt Bluetooth Low Energy (BLE) GATT messages, allowing unauthenticated at... (Jan 23, 2025)
CVE-2024-11308 is a hardcoded encryption key vulnerability in DVC from TRCore that allows attackers to decrypt protected files. This affects systems u... (Nov 18, 2024)
This vulnerability allows attackers to extract a hardcoded AES decryption key from ConnectWise Risk Assessment's password encryption utility via rever... (May 19, 2025)
IBM Maximo Application Suite Monitor Component versions 8.10, 8.11, and 9.0 contain a hard-coded cryptographic key vulnerability. This allows attacker... (Oct 24, 2024)
CVE-2025-2810 allows a low-privileged local attacker to abuse an affected service using a hardcoded cryptographic key. This vulnerability affects syst... (Aug 5, 2025)
SolarWinds Web Help Desk contains a hardcoded cryptographic key that could allow attackers to decrypt sensitive information stored or transmitted by t... (Feb 11, 2025)
This vulnerability involves hard-coded cryptographic keys in AIPHONE intercom systems and software, allowing network-adjacent attackers to access SFTP... (Nov 22, 2024)
The Download Manager WordPress plugin contains a hardcoded cron key vulnerability that allows unauthenticated attackers to trigger deletion of expired... (Nov 8, 2025)
Newforma Info Exchange (NIX) uses a hard-coded encryption key for query parameters, allowing attackers to bypass authentication and authorization by m... (Oct 9, 2025)
CVE-2025-58069 is a hard-coded cryptographic key vulnerability in Click Plus PLC firmware version 3.60. This allows attackers to decrypt initial sessi... (Sep 23, 2025)
A hard-coded cryptographic key vulnerability in ABB RMC-100 and RMC-100 LITE devices allows attackers to decrypt MQTT communications. This affects spe... (Jul 3, 2025)
SINEC INS versions before V1.0 SP2 Update 3 use hard-coded cryptographic keys to obfuscate configuration files, allowing attackers to reverse-engineer... (Nov 12, 2024)
The Reolink desktop application uses a predictable AES encryption key to protect user configuration files, allowing attackers with local system access... (Oct 21, 2025)
The Reolink Desktop Application uses predictable initialization vectors in its AES-CFB encryption, potentially allowing attackers with local access to... (Oct 21, 2025)
Vasion Print (formerly PrinterLogic) appliances contain a hardcoded private SSL key and matching certificate stored in cleartext. This allows attacker... (Sep 29, 2025)
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.2 have a security weakness in the Security Utility that could allow reduced ... (Mar 3, 2026)
This vulnerability involves a hardcoded cryptographic key in hMailServer that allows attackers to decrypt database passwords stored in the hMailServer... (Jul 21, 2025)
This vulnerability in desknet's NEO software involves a hard-coded cryptographic key that could allow attackers to create malicious AppSuite applicati... (Oct 16, 2025)
Arris VIP1113 devices have a hardcoded firmware decryption key in the KreaTV SDK, allowing attackers to decrypt and potentially modify firmware. This ... (Jun 3, 2025)
This vulnerability in FortiManager allows attackers with JSON API access permissions to decrypt sensitive data due to hard-coded cryptographic keys. I... (Feb 11, 2025)
The 'FOD' app uses hard-coded cryptographic keys, allowing local unauthenticated attackers to extract these keys. This vulnerability affects users of ... (Nov 25, 2025)
The Kura Sushi Official App for Android versions before 3.8.5 contains a hard-coded cryptographic key vulnerability. This allows local attackers to po... (Nov 20, 2024)
About CWE-321
Our database tracks 100 CVEs classified as CWE-321, with 34 rated critical and 37 rated high severity. The average CVSS score for CWE-321 vulnerabilities is 7.8.