Vulnerability Details :

CVE-2021-32010

Summary
Assigner: Secomea
Assigner Org ID: f2815942-3388-4c08-ba09-6c15850fda90
Published At: 04 May, 2022 | 13:45
Updated At: 03 Aug, 2024 | 23:17

Clients may connect to a GateManager with TLS 1.0

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)
Affected Products
Vendor: Secomea A/S, Secomea
Product: SiteManager
Affected versions: From All before 9.7 (custom)

Vendor: Secomea A/S, Secomea
Product: LinkManager
Affected versions: From unspecified before 9.7 (custom)

Vendor: Secomea A/S, Secomea
Product: GateManager
Affected versions: From unspecified before 9.7 (custom)

Problem Types
Type: CWE
CWE ID: CWE-326
Description: CWE-326 Inadequate Encryption Strength
Metrics
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References
Hyperlink: https://www.secomea.com/support/cybersecurity-advisory/
Resource: x_refsource_MISC
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://www.secomea.com/support/cybersecurity-advisory/
Resource: x_refsource_MISC, x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: VulnerabilityReporting@secomea.com
Published At: 04 May, 2022 | 14:15
Updated At: 11 May, 2022 | 18:43

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Vendor: Secomea A/S (secomea)
sitemanager_1129 (-): cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:*
sitemanager_1129_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:*
sitemanager_1139_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:*
sitemanager_1139 (-): cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:*
sitemanager_1149_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:*
sitemanager_1149 (-): cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:*
sitemanager_3329_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:*
sitemanager_3329 (-): cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:*
sitemanager_3339_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:*
sitemanager_3339 (-): cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:*
sitemanager_3349_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:*
sitemanager_3349 (-): cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:*
sitemanager_3529_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:*
sitemanager_3529 (-): cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:*
sitemanager_3539_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:*
sitemanager_3539 (-): cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:*
sitemanager_3549_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:*
sitemanager_3549 (-): cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:*
linkmanager (versions before 9.7.622134021, exclusive): cpe:2.3:a:secomea:linkmanager:*:*:*:*:*:*:*:*
gatemanager_4250 (-): cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*
gatemanager_4250_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*
gatemanager_4260 (-): cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*
gatemanager_4260_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*
gatemanager_8250 (-): cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*
gatemanager_8250_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*
gatemanager_9250 (-): cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*
gatemanager_9250_firmware (versions before 9.7.622134021, exclusive): cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*

Weaknesses
CWE ID: CWE-326
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-326
Type: Secondary
Source: VulnerabilityReporting@secomea.com
References
Hyperlink: https://www.secomea.com/support/cybersecurity-advisory/
Source: VulnerabilityReporting@secomea.com
Resource: Vendor Advisory


Similar CVEs

13 Records found

CVE-2022-25778
Matching Score: 8
Assigner: Secomea A/S
CVSS Score: 4.2 (MEDIUM)
EPSS: 0.26% / 17.52%
7 Day CHG: +0.01%
Published: 04 May, 2022 | 13:49
Updated: 03 Aug, 2024 | 04:49
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Unload handlers may unintentionally defeat CSRF guards

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.

Action: Not Available
Vendor: Secomea A/S
Product: gatemanager_9250_firmware, gatemanager_8250, gatemanager_8250_firmware, gatemanager_9250, gatemanager_4250, gatemanager_4260, gatemanager_4250_firmware, gatemanager_4260_firmware, GateManager
CWE ID: CWE-352 - Cross-Site Request Forgery (CSRF)

CVE-2020-29030
Matching Score: 8
Assigner: Secomea A/S
CVSS Score: 8.1 (HIGH)
EPSS: 0.52% / 40.24%
7 Day CHG: ~0.00%
Published: 05 Mar, 2021 | 19:15
Updated: 17 Sep, 2024 | 00:31
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Insufficient CSRF guards

Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4.

Action: Not Available
Vendor: Secomea A/S
Product: gatemanager_firmware, GateManager
CWE ID: CWE-352 - Cross-Site Request Forgery (CSRF)

CVE-2020-14512
Matching Score: 8
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score: 8.1 (HIGH)
EPSS: 0.82% / 52.84%
7 Day CHG: ~0.00%
Published: 25 Aug, 2020 | 13:20
Updated: 17 Sep, 2024 | 03:07
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.

Action: Not Available
Vendor: Secomea A/S
Product: gatemanager_8250, gatemanager_8250_firmware, GateManager
CWE ID: CWE-916 - Use of Password Hash With Insufficient Computational Effort

CVE-2020-14508
Matching Score: 8
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score: 8.1 (HIGH)
EPSS: 2.02% / 78.54%
7 Day CHG: ~0.00%
Published: 25 Aug, 2020 | 13:15
Updated: 16 Sep, 2024 | 16:33
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
OFF-BY-ONE ERROR CWE-193

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.

Action: Not Available
Vendor: Secomea A/S
Product: gatemanager_8250, gatemanager_8250_firmware, GateManager
CWE ID: CWE-193 - Off-by-one Error

CVE-2024-1579
Matching Score: 8
Assigner: Secomea A/S
CVSS Score: 8.1 (HIGH)
EPSS: 0.52% / 40.35%
7 Day CHG: ~0.00%
Published: 29 Apr, 2024 | 13:27
Updated: 15 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Insufficient seeding of random number generator

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking. This issue affects GateManager: before 11.2.624071020.

Action: Not Available
Vendor: Secomea A/S
Product: GateManager, gatemanager
CWE ID: CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CVE-2022-25156
Matching Score: 4
Assigner: Mitsubishi Electric Corporation
CVSS Score: 8.1 (HIGH)
EPSS: 1.21% / 64.68%
7 Day CHG: ~0.00%
Published: 01 Apr, 2022 | 22:17
Updated: 03 Aug, 2024 | 04:29
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.

Action: Not Available
Vendor: n/a, Mitsubishi Electric Corporation
Product-fx5uj-24mt\/essfx5uc-32mt\/dss_firmwarefx5uj-24mt\/es_firmwarefx5uj-60mr\/es_firmwarefx5uj_firmwarefx5uj-60mt\/esfx5uj-60mt\/essfx5uc-32mt\/dss-tsfx5ucfx5uc-32mt\/dfx5uj-40mt\/es_firmwarefx5uj-60mt\/es_firmwarefx5uj-24mt\/ess_firmwarefx5uc-32mt\/ds-tsfx5ujfx5uc_firmwarefx5uj-60mr\/esfx5uj-60mt\/ess_firmwarefx5uj-24mr\/esfx5uc-32mr\/ds-ts_firmwarefx5uj-40mt\/ess_firmwarefx5uc-32mr\/ds-tsfx5uc-32mt\/dssfx5uj-40mr\/es_firmwarefx5uc-32mt\/ds-ts_firmwarefx5uj-24mr\/es_firmwarefx5uj-40mt\/essfx5uj-40mt\/esfx5uj-24mt\/esfx5uj-40mr\/esfx5uc-32mt\/dss-ts_firmwarefx5uc-32mt\/d_firmwareMitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2
CWE ID: CWE-326 - Inadequate Encryption Strength

CVE-2026-33488
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 7.4 (HIGH)
EPSS: 0.25% / 16.34%
7 Day CHG: ~0.00%
Published: 23 Mar, 2026 | 15:23
Updated: 24 Mar, 2026 | 17:49
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch.

Action: Not Available
Vendor: wwbn, WWBN
Product: avideo, AVideo
CWE ID: CWE-326 - Inadequate Encryption Strength

CVE-2024-8455
Matching Score: 4
Assigner: TWCERT/CC
CVSS Score: 8.1 (HIGH)
EPSS: 0.33% / 25.28%
7 Day CHG: ~0.00%
Published: 30 Sep, 2024 | 07:24
Updated: 04 Oct, 2024 | 14:45
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

Action: Not Available
Vendor: planet, PLANET Technology, planet_technology_corp
Product: gs-4210-24p2s, gs-4210-24p2s_firmware, igs-5225-4up1t2s, gs-4210-24pl4c, gs-4210-24pl4c_firmware, igs-5225-4up1t2s_firmware, GS-4210-24P2S hardware 3.0, IGS-5225-4UP1T2S hardware 1.0, GS-4210-24PL4C hardware 2.0, gs-4210-24pl4c_hardware_2.0, gs-4210-24pl4c_hardware_3.0, igs-5225-4up1t2s_hardware_1.0
CWE ID: CWE-261 - Weak Encoding for Password
CWE ID: CWE-326 - Inadequate Encryption Strength

CVE-2024-50550
Matching Score: 4
Assigner: Patchstack
CVSS Score: 8.1 (HIGH)
EPSS: 0.91% / 55.68%
7 Day CHG: ~0.00%
Published: 29 Oct, 2024 | 09:57
Updated: 11 May, 2026 | 21:29
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.

Action: Not Available
Vendor: litespeedtech, LiteSpeed Technologies, litespeed_technologies
Product: litespeed_cache, LiteSpeed Cache, litespeed_cache
CWE ID: CWE-266 - Incorrect Privilege Assignment
CWE ID: CWE-326 - Inadequate Encryption Strength

CVE-2020-3549
Matching Score: 4
Assigner: Cisco Systems, Inc.
CVSS Score: 8.1 (HIGH)
EPSS: 0.93% / 56.31%
7 Day CHG: ~0.00%
Published: 21 Oct, 2020 | 18:35
Updated: 26 Nov, 2024 | 16:09
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device.

Action: Not Available
Vendor: Cisco Systems, Inc.
Product: secure_firewall_management_center, firepower_threat_defense, Cisco Firepower Management Center
CWE ID: CWE-326 - Inadequate Encryption Strength

CVE-2022-29161
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 5.4 (MEDIUM)
EPSS: 0.39% / 30.44%
7 Day CHG: +0.01%
Published: 05 May, 2022 | 23:35
Updated: 23 Apr, 2025 | 18:30
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module.

Action: Not Available
Vendor: XWiki SAS
Product: xwiki, xwiki-platform
CWE ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
CWE ID: CWE-326 - Inadequate Encryption Strength

CVE-2022-29566
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 8.1 (HIGH)
EPSS: 0.70% / 48.55%
7 Day CHG: ~0.00%
Published: 21 Apr, 2022 | 18:47
Updated: 03 Aug, 2024 | 06:26
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue.

Action: Not Available
Vendor: bulletproofs_project, n/a
Product: bulletproofs, n/a
CWE ID: CWE-326 - Inadequate Encryption Strength

CVE-2025-65295
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 8.1 (HIGH)
EPSS: 0.20% / 10.06%
7 Day CHG: ~0.00%
Published: 10 Dec, 2025 | 00:00
Updated: 17 Dec, 2025 | 19:49
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

Action: Not Available
Vendor: aqara, n/a
Product: camera_hub_g3, hub_m3_firmware, hub_m2_firmware, hub_m3, hub_m2, camera_hub_g3_firmware, n/a
CWE ID: CWE-326 - Inadequate Encryption Strength
CWE ID: CWE-347 - Improper Verification of Cryptographic Signature
CWE ID: CWE-457 - Use of Uninitialized Variable