Common Weakness Enumeration

CWE-321

Allowed

Use of Hard-coded Cryptographic Key

Abstraction: Variant · Status: Draft

The product uses a hard-coded, unchangeable cryptographic key.

503 vulnerabilities reference this CWE, most recent first.

GHSA-PW8J-97JQ-CW6G

Vulnerability from github – Published: 2026-02-13 21:31 – Updated: 2026-02-27 00:31
VLAI
Details

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files (x86)\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-26335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-13T21:16:52Z",
    "severity": "CRITICAL"
  },
  "details": "Calero VeraSMART versions prior to\u00a02022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\\\Program Files (x86)\\\\Veramark\\\\VeraSMART\\\\WebRoot\\\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application.",
  "id": "GHSA-pw8j-97jq-cw6g",
  "modified": "2026-02-27T00:31:44Z",
  "published": "2026-02-13T21:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26335"
    },
    {
      "type": "WEB",
      "url": "https://www.calero.com"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/calero-verasmart-2022-r1-static-iis-machine-keys-enable-viewstate-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PWHR-98HP-44R7

Vulnerability from github – Published: 2026-06-15 12:32 – Updated: 2026-06-15 12:32
VLAI
Details

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T12:16:25Z",
    "severity": "MODERATE"
  },
  "details": "The\u00a0Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.",
  "id": "GHSA-pwhr-98hp-44r7",
  "modified": "2026-06-15T12:32:45Z",
  "published": "2026-06-15T12:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34029"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/wertheim"
    },
    {
      "type": "WEB",
      "url": "https://wertheim-safes.com/safe-deposit-box-management"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PX3C-RFV8-7MVG

Vulnerability from github – Published: 2025-06-10 15:30 – Updated: 2025-06-10 15:30
VLAI
Details

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T15:15:25Z",
    "severity": "HIGH"
  },
  "details": "A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.",
  "id": "GHSA-px3c-rfv8-7mvg",
  "modified": "2025-06-10T15:30:48Z",
  "published": "2025-06-10T15:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5353"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PXR7-XFV3-MWHV

Vulnerability from github – Published: 2023-07-06 15:30 – Updated: 2024-04-04 05:26
VLAI
Details

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-06T15:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.",
  "id": "GHSA-pxr7-xfv3-mwhv",
  "modified": "2024-04-04T05:26:45Z",
  "published": "2023-07-06T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22844"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q336-FJ7P-G7VX

Vulnerability from github – Published: 2026-02-09 09:30 – Updated: 2026-02-09 09:30
VLAI
Details

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-09T08:16:11Z",
    "severity": "CRITICAL"
  },
  "details": "User credentials are stored using AES\u2011ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.",
  "id": "GHSA-q336-fj7p-g7vx",
  "modified": "2026-02-09T09:30:21Z",
  "published": "2026-02-09T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22906"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/de/advisories/VDE-2026-004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q354-79Q7-WX65

Vulnerability from github – Published: 2026-06-16 00:34 – Updated: 2026-06-16 00:34
VLAI
Details

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-16T00:16:35Z",
    "severity": "MODERATE"
  },
  "details": "Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier",
  "id": "GHSA-q354-79q7-wx65",
  "modified": "2026-06-16T00:34:25Z",
  "published": "2026-06-16T00:34:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9260"
    },
    {
      "type": "WEB",
      "url": "https://canon.jp/support/support-info/260615vulnerability-response"
    },
    {
      "type": "WEB",
      "url": "https://psirt.canon/advisory-information/cp2026-005"
    },
    {
      "type": "WEB",
      "url": "https://www.canon-europe.com/support/product-security"
    },
    {
      "type": "WEB",
      "url": "https://www.usa.canon.com/about-us/to-our-customers/cpa2026-005-vulnerability-remediation-for-eos-network-setting-tool"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q363-F26M-JJ5J

Vulnerability from github – Published: 2025-07-21 18:32 – Updated: 2025-07-22 18:30
VLAI
Details

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-21T16:15:30Z",
    "severity": "MODERATE"
  },
  "details": "Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.",
  "id": "GHSA-q363-f26m-jj5j",
  "modified": "2025-07-22T18:30:41Z",
  "published": "2025-07-21T18:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52374"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hmailserver/hmailserver"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mojibake-dev/hMailEnum"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mojibake-dev/mojibake-CVE/blob/main/hMailServer/CVE-2025-52374.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3G3-7Q7P-5JWV

Vulnerability from github – Published: 2026-07-15 03:32 – Updated: 2026-07-15 03:32
VLAI
Details

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices.  An attacker with access to the firmware image can extract the embedded key. 

Successful exploitation may allow an unauthenticated attacker on the same network to use this key in the web management service, compromising the confidentiality of encrypted communications. This may enable passive decryption of traffic or active man-in-the-middle (MITM) attacks

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-15T01:17:10Z",
    "severity": "HIGH"
  },
  "details": "Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem\nthat is shared across devices.\u00a0 An\nattacker with access to the firmware image can extract the embedded key.\u00a0 \n\n\n\n\n\n\n\n\n\nSuccessful\nexploitation may allow an unauthenticated attacker on the same network to use\nthis key in the web management service, compromising the confidentiality of\nencrypted communications. This may enable passive decryption of traffic or\nactive man-in-the-middle (MITM) attacks",
  "id": "GHSA-q3g3-7q7p-5jwv",
  "modified": "2026-07-15T03:32:51Z",
  "published": "2026-07-15T03:32:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9770"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/en/support/download/ec70/v4/#Firmware-Release-Notes"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/en/support/download/ec71/v4/#Firmware-Release-Notes"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/ec70/v4/#Firmware-Release-Notes"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/download/ec71/v4/#Firmware-Release-Notes"
    },
    {
      "type": "WEB",
      "url": "https://www.tp-link.com/us/support/faq/5192"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q9C3-7QMH-545W

Vulnerability from github – Published: 2025-06-03 00:31 – Updated: 2025-06-03 00:31
VLAI
Details

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T00:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.",
  "id": "GHSA-q9c3-7qmh-545w",
  "modified": "2025-06-03T00:31:02Z",
  "published": "2025-06-03T00:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49164"
    },
    {
      "type": "WEB",
      "url": "https://full-disclosure.eu/reports/2025/FDEU-CVE-2025-1c00-arris-bootloader-shell-injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QC2W-5628-6J6M

Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-05-03 15:30
VLAI
Details

A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T14:15:11Z",
    "severity": "MODERATE"
  },
  "details": "\nA hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.\n\n\n\n\n\n\n\n",
  "id": "GHSA-qc2w-5628-6j6m",
  "modified": "2024-05-03T15:30:54Z",
  "published": "2024-05-03T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3109"
    },
    {
      "type": "WEB",
      "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178863"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Prevention schemes mirror that of hard-coded password storage.

No CAPEC attack patterns related to this CWE.