Vulnerability Description
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitrontech | CVE-30360 Firmware | 3.1.1.21 |
| Hitrontech | CVE-30360 | - |
Related Weaknesses (CWE)
References
- https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html (Third Party Advisory)
- https://github.com/Manouchehri/hitron-cfg-decrypter (Broken Link)
- https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53c (Patch, Third Party Advisory)
FAQ
What is CVE-2014-10069?
CVE-2014-10069 is a vulnerability with a CVSS score of 7.5 (HIGH). Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a ba...
How severe is CVE-2014-10069?
CVE-2014-10069 has been rated HIGH, with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-10069?
Check the references section above for vendor advisories and patch information. Affected products include: Hitrontech CVE-30360 Firmware, Hitrontech CVE-30360.