Search
Total
168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26451 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 7.5 HIGH |
| Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. | |||||
| CVE-2023-46740 | 1 Linuxfoundation | 1 Cubefs | 2024-01-10 | N/A | 9.8 CRITICAL |
| CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the "accesKey", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade. | |||||
| CVE-2021-38606 | 1 Yogeshojha | 1 Rengine | 2024-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| reNgine through 0.5 relies on a predictable directory name. | |||||
| CVE-2023-4462 | 1 Poly | 8 Ccx 400, Ccx 400 Firmware, Ccx 600 and 5 more | 2024-01-09 | N/A | 5.9 MEDIUM |
| A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255. | |||||
| CVE-2023-32831 | 1 Mediatek | 12 Mt6890, Mt7612, Mt7613 and 9 more | 2024-01-05 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868. | |||||
| CVE-2020-1472 | 8 Canonical, Debian, Fedoraproject and 5 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-01-04 | 9.3 HIGH | 5.5 MEDIUM |
| <p>An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (<a href="https://docs.microsoft.com/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f">MS-NRPC</a>). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.</p> <p>To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.</p> <p>Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.</p> <p>For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see <a href="https://support.microsoft.com/kb/4557222">How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472</a> (updated September 28, 2020).</p> <p>When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See <a href="https://technet.microsoft.com/en-us/security/dd252948">Microsoft Technical Security Notifications</a>.</p> | |||||
| CVE-2023-6376 | 1 Henschen | 1 Court Document Management | 2023-12-11 | N/A | 7.5 HIGH |
| Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents. | |||||
| CVE-2023-48056 | 1 Bandoche | 1 Pypinksign | 2023-11-22 | N/A | 7.5 HIGH |
| PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | |||||
| CVE-2021-20322 | 5 Debian, Fedoraproject, Linux and 2 more | 32 Debian Linux, Fedora, Linux Kernel and 29 more | 2023-11-09 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. | |||||
| CVE-2023-24478 | 1 Intel | 1 Quartus Prime | 2023-08-22 | N/A | 5.5 MEDIUM |
| Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-4344 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 9.8 CRITICAL |
| Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection | |||||
| CVE-2023-3373 | 1 Mitsubishielectric | 4 Gs21, Gs21 Firmware, Gt21 and 1 more | 2023-08-10 | N/A | 9.1 CRITICAL |
| Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. | |||||
| CVE-2022-36536 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2023-08-08 | N/A | 9.8 CRITICAL |
| An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. | |||||
| CVE-2022-30295 | 2 Uclibc, Uclibc-ng Project | 2 Uclibc, Uclibc-ng | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. | |||||
| CVE-2021-26407 | 1 Amd | 2 Romepi, Romepi Firmware | 2023-08-08 | N/A | 5.5 MEDIUM |
| A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. | |||||
| CVE-2021-45487 | 1 Netbsd | 1 Netbsd | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. | |||||
| CVE-2022-24406 | 1 Open-xchange | 1 Ox App Suite | 2023-08-08 | N/A | 6.5 MEDIUM |
| OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. | |||||
| CVE-2021-45488 | 1 Netbsd | 1 Netbsd | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. | |||||
| CVE-2021-0417 | 1 Google | 1 Android | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702. | |||||
| CVE-2022-32296 | 1 Linux | 1 Linux Kernel | 2023-08-08 | 2.1 LOW | 3.3 LOW |
| The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | |||||
| CVE-2022-40299 | 1 Singular | 1 Singular | 2023-08-08 | N/A | 7.8 HIGH |
| In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language. | |||||
| CVE-2021-44151 | 1 Reprisesoftware | 1 Reprise License Manager | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. | |||||
| CVE-2022-22922 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | |||||
| CVE-2022-29330 | 1 Vitalpbx | 1 Vitalpbx | 2023-08-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. | |||||
| CVE-2021-28099 | 1 Netflix | 1 Hollow | 2023-08-08 | 3.6 LOW | 4.4 MEDIUM |
| In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated. | |||||
| CVE-2021-41694 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2023-08-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | |||||
| CVE-2021-25677 | 1 Siemens | 6 Nucleus Net, Nucleus Readystart V3, Nucleus Readystart V4 and 3 more | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. | |||||
| CVE-2022-37400 | 1 Apache | 1 Openoffice | 2023-08-02 | N/A | 8.8 HIGH |
| Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice | |||||
| CVE-2023-2884 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2023-08-02 | N/A | 9.8 CRITICAL |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||||
| CVE-2023-3247 | 1 Php | 1 Php | 2023-08-01 | N/A | 4.3 MEDIUM |
| In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. | |||||
| CVE-2020-35163 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. | |||||
| CVE-2022-26647 | 1 Siemens | 58 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 55 more | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions. | |||||
| CVE-2022-25047 | 1 Control-webpanel | 1 Webpanel | 2022-07-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. | |||||
| CVE-2021-28674 | 1 Solarwinds | 1 Orion Platform | 2022-07-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform. | |||||
| CVE-2021-39249 | 1 Invisioncommunity | 1 Invision Power Board | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function. | |||||
| CVE-2021-41829 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. | |||||
| CVE-2021-22309 | 1 Huawei | 8 Usg9500, Usg9500 Firmware, Usg9520 and 5 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00. | |||||
| CVE-2021-41061 | 1 Riot-os | 1 Riot | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots. | |||||
| CVE-2021-28024 | 1 Servicetonic | 1 Servicetonic | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password. | |||||
| CVE-2021-36166 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | |||||
| CVE-2021-0466 | 1 Google | 1 Android | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734 | |||||
| CVE-2021-27200 | 1 Wowonder | 1 Wowonder | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. | |||||
| CVE-2021-38377 | 1 Open-xchange | 1 Ox App Suite | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. | |||||
| CVE-2021-31228 | 1 Hcc-embedded | 1 Nichestack | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is predictable because it is based on the time of day, and has too few bits. | |||||
| CVE-2022-32284 | 1 Yokogawa | 2 Aw810d, Aw810d Firmware | 2022-07-11 | 7.8 HIGH | 7.5 HIGH |
| Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet. | |||||
| CVE-2022-31034 | 1 Linuxfoundation | 1 Argo-cd | 2022-07-07 | 6.8 MEDIUM | 8.1 HIGH |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a relatively-predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact potentially granting an attacker admin access to Argo CD. Patches for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-34295 | 1 Totd Project | 1 Totd | 2022-07-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| totd before 1.5.3 does not properly randomize mesg IDs. | |||||
| CVE-2018-1108 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2022-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. | |||||
| CVE-2022-29930 | 1 Jetbrains | 1 Ktor | 2022-06-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. | |||||
| CVE-2022-23138 | 1 Zte | 2 Mf297d, Mf297d Firmware | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. | |||||