CWE-321 · Use of Hard-coded Cryptographic Key

302 CVEs classified under CWE-321 (Use of Hard-coded Cryptographic Key). Browse by severity and year.

Top CVEs for CWE-321
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-30207 | Critical | 10.0 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (… |
| CVE-2016-9335 | Critical | 10.0 | 2018-05-09 | A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride… |
| CVE-2024-35344 | Critical | 9.9 | 2024-05-28 | Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D3… |
| CVE-2026-28742 | Critical | 9.8 | 2026-06-12 | Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered fr… |
| CVE-2026-32644 | Critical | 9.8 | 2026-04-28 | Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. |
| CVE-2025-67112 | Critical | 9.8 | 2026-03-19 | Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3… |
| CVE-2025-67305 | Critical | 9.8 | 2026-02-19 | In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deploymen… |
| CVE-2026-26335 | Critical | 9.8 | 2026-02-13 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program File… |
| CVE-2026-25894 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker… |
| CVE-2026-22906 | Critical | 9.8 | 2026-02-09 | User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and… |
| CVE-2026-25505 | Critical | 9.8 | 2026-02-04 | Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs i… |
| CVE-2026-22586 | Critical | 9.8 | 2026-01-24 | Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsu… |
| CVE-2025-62581 | Critical | 9.8 | 2026-01-16 | Delta Electronics DIAView has multiple vulnerabilities. |
| CVE-2025-15016 | Critical | 9.8 | 2025-12-22 | Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed k… |
| CVE-2025-54947 | Critical | 9.8 | 2025-12-12 | In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the… |
| CVE-2025-34256 | Critical | 9.8 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for sign… |
| CVE-2025-12599 | Critical | 9.8 | 2025-11-01 | Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000). This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-59407 | Critical | 9.8 | 2025-10-02 | The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and… |
| CVE-2025-34217 | Critical | 9.8 | 2025-09-30 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded… |
| CVE-2025-8625 | Critical | 9.8 | 2025-09-30 | The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin fall… |