CVE-2014-10069
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
Los dispositivos Hitron CVE-30360 utilizan una clave DES 578A958E3DD933FC que se comparte en las diferentes instalaciones de los clientes, lo que hace que sea más fácil para los atacantes obtener información sensible descifrando un archivo de configuración de seguridad, tal y como queda demostrado con un hash de contraseña en el campo um_auth_account_password.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-07 CVE Reserved
- 2018-01-07 CVE Published
- 2024-09-16 CVE Updated
- 2024-11-17 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html | Third Party Advisory | |
| https://github.com/Manouchehri/hitron-cfg-decrypter | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://github.com/aimoda/hitron-cfg-decrypter | 2024-11-17 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17 | 2018-02-02 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hitrontech Search vendor "Hitrontech" | Cve-30360 Firmware Search vendor "Hitrontech" for product "Cve-30360 Firmware" | 3.1.1.21 Search vendor "Hitrontech" for product "Cve-30360 Firmware" and version "3.1.1.21" | - |
Affected
| in | Hitrontech Search vendor "Hitrontech" | Cve-30360 Search vendor "Hitrontech" for product "Cve-30360" | - | - |
Safe
|