Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
oryginał ENCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XCircutor Sge Plc1000
HWCircutorwszystkie wersjeCircutor Sge Plc1000 Firmware
OSCircutor9.0.2Circutor Sge Plc50
HWCircutorwszystkie wersjeCircutor Sge Plc50 Firmware
OSCircutor9.0.2
Powiązane podatności
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote...
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()'...
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' funct...