CVE-2023-42492
7.1HIGH
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key
10/25/2023CWE-321, CWE-798
Weakness Type
CWE-321
All CVE vulnerabilities classified under this weakness type.
View on MITRE CWETotal CVEs
50
Critical
14
In KEV
0
With Exploits
0
CVE-2025-26340
8.8HIGH
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via cra
A CWE-321 "Use of Hard-coded Cryptographic Key" in the JWT signing in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to bypass the authentication via cra...
2/12/2025CWE-321
CVE-2024-54027
8.2HIGH
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and belo
A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and belo...
3/17/2025CWE-321
CVE-2024-33504
4.1MEDIUM
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all version
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all version...
2/11/2025CWE-321
CVE-2025-24525
7.5HIGH
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the en
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the en...
9/30/2025CWE-321, CWE-321
CVE-2025-2810
5.5MEDIUM
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
8/5/2025CWE-321
CVE-2025-49164
4.3MEDIUM
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
6/3/2025CWE-321
CVE-2023-21705
8.8HIGH
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft SQL Server Remote Code Execution Vulnerability
2/14/2023CWE-321
CVE-2025-64304
4.0MEDIUM
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.
11/25/2025CWE-321
CVE-2024-33849
6.5MEDIUM
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.
ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.
5/28/2024CWE-321, CWE-522 +2
CVE-2019-19750
9.8CRITICAL
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
12/12/2019CWE-321
CVE-2024-42418
7.5HIGH
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
8/22/2024CWE-321
CVE-2021-38461
8.2HIGH
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.
The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.
10/22/2021CWE-321, CWE-798
CVE-2025-60250
4.7MEDIUM
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.
9/26/2025CWE-321
CVE-2023-49256
7.5HIGH
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.
1/12/2024CWE-321, CWE-798
CVE-2024-46612
9.8CRITICAL
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
9/25/2024CWE-321
CVE-2024-28989
5.5MEDIUM
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
2/11/2025CWE-321, CWE-798
CVE-2025-58426
4.3MEDIUM
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications.
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications.
10/16/2025CWE-321
CVE-2025-5353
8.8HIGH
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.
6/10/2025CWE-321
CVE-2025-22455
8.8HIGH
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
6/10/2025CWE-321
CVE-2025-27674
9.8CRITICAL
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.
3/5/2025CWE-321
CVE-2024-11308
6.2MEDIUM
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
11/18/2024CWE-321
CVE-2025-22463
7.3HIGH
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
6/10/2025CWE-321
CVE-2024-56429
7.7HIGH
itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
5/21/2025CWE-321
CVE-2025-63289
9.1CRITICAL
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file
11/12/2025CWE-321
CVE-2025-56577
8.4HIGH
An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
8/29/2025CWE-321
CVE-2025-44963
9.0CRITICAL
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
8/4/2025CWE-321
CVE-2022-48625
7.5HIGH
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.
2/20/2024CWE-321
CVE-2022-0664
9.8CRITICAL
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.
2/18/2022CWE-321
CVE-2014-5403
NONE
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the netwo
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the netwo...
4/3/2015CWE-321, CWE-310
CVE-2025-15016
9.8CRITICAL
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information a
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information a...
12/22/2025CWE-321
CVE-2025-54807
9.8CRITICAL
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access...
9/18/2025CWE-321
CVE-2024-3109
6.3MEDIUM
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.
5/3/2024CWE-321
CVE-2023-3632
9.8CRITICAL
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Hom
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Hom...
8/9/2023CWE-321
CVE-2023-38535
4.7MEDIUM
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.
3/13/2024CWE-321, CWE-798
CVE-2022-22987
9.8CRITICAL
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
2/4/2022CWE-321, CWE-798
CVE-2021-32520
9.8CRITICAL
Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendatio
Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendatio...
7/7/2021CWE-321, CWE-798
CVE-2019-7594
6.8MEDIUM
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
8/20/2019CWE-321, CWE-798
CVE-2025-38741
7.5HIGH
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized acc
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized acc...
8/4/2025CWE-321, CWE-798
CVE-2024-6890
8.8HIGH
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administra
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administra...
8/7/2024CWE-321, CWE-334 +2
CVE-2025-30234
8.3HIGH
SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26).
SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26).
3/19/2025CWE-321
CVE-2024-31410
7.7HIGH
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malici
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malici...
5/15/2024CWE-321
CVE-2021-27389
9.8CRITICAL
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.
4/22/2021CWE-321
CVE-2020-7846
8.0HIGH
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag...
2/24/2021CWE-321, CWE-798
CVE-2018-0040
9.8CRITICAL
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized acc
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized acc...
7/11/2018CWE-321, CWE-798
CVE-2025-12599
9.8CRITICAL
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
11/1/2025CWE-321
CVE-2025-54471
6.5MEDIUM
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations whe
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations whe...
10/30/2025CWE-321
CVE-2025-46582
7.7HIGH
A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposur
A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposur...
10/27/2025CWE-321
CVE-2025-52373
4.6MEDIUM
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
7/21/2025CWE-321
CVE-2024-45837
5.4MEDIUM
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or...
11/22/2024CWE-321
Showing 50 of many CVEs