Опубликовано: 18 сент. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 9.3
CVSS3: 9.8
Описание
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.
EPSS
Процентиль: 35%
0.00146
Низкий
9.3 Critical
CVSS4
9.8 Critical
CVSS3
CVE ID
Дефекты
CWE-321
Связанные уязвимости
CVSS3: 9.8
nvd
5 месяцев назад
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.
EPSS
Процентиль: 35%
0.00146
Низкий
9.3 Critical
CVSS4
9.8 Critical
CVSS3
CVE ID
Дефекты
CWE-321