CVE-2014-10069
HIGHHitron CVE-30360 Firmware - Sensitive Information Exposure via Shared DES Key
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-10069. PoCs published by aimoda.
AI-analyzed exploit summary This repository contains a Python-based tool for decrypting and encrypting Hitron configuration files using a hardcoded DES key. It leverages a known vulnerability (CVE-2014-10069) to expose sensitive configuration data.
Description
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
Exploits (1)
This repository contains a Python-based tool for decrypting and encrypting Hitron configuration files using a hardcoded DES key. It leverages a known vulnerability (CVE-2014-10069) to expose sensitive configuration data.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N