7.5
CVE-2023-49256
- EPSS 0.47%
- Published 12.01.2024 15:15:09
- Last modified 21.11.2024 08:33:08
- Source cvd@cert.pl
Predictable encryption passphrase used in publicly accessible configuration file
It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key.
Data provided by the National Vulnerability Database (NVD)
Hongdian ≫ H8951-4g-esp Firmware Version < 2310271149
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.367 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://cert.pl/en/posts/2024/01/CVE-2023-49253/
https://cert.pl/posts/2024/01/CVE-2023-49253/