Use of Hard-coded Cryptographic Key

CVE-2019-10963

Medium

4.3/10

Summary

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-321 - Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

Advisory Timeline

Published Oct 08, 2019

Use of Hard-coded Cryptographic Key

CVE-2019-10963

Summary

CWE-321 - Use of Hard-coded Cryptographic Key

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS