CRITICAL🇵🇱 Wersja polska

CVE-2026-22906

CVSS 9.8v3.1pub. 2026-02-09upd. 2026-04-15

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

🤖 AI Analysis
How it works

The application uses the AES algorithm in ECB mode to encrypt credentials; however, the encryption key is hardcoded in the software (CWE-321). This means that anyone who knows the key or can extract it from the application can decrypt any configuration file containing credentials. The vulnerability is particularly dangerous in combination with the possibility of authentication bypass (auth bypass), which allows an attacker to obtain the configuration file without having any permissions. ECB mode additionally does not provide semantic security, which facilitates analysis of encrypted data.

Impact

An attacker can recover plaintext usernames and passwords from a stolen configuration file, leading to complete account takeover and loss of confidentiality, integrity, and availability of the system.

Mitigation & patch

Manufacturer patches should be applied in accordance with the references (https://certvde.com/de/advisories/VDE-2026-004). Until the fix is implemented, it is recommended to restrict access to the configuration file and the network where the device operates.

Who is affected

Versions indicated in the manufacturer's references (advisory VDE-2026-004 on certvde.com)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References