CVE-2014-10069

HIGH

Hitron CVE-30360 Firmware - Sensitive Information Exposure via Shared DES Key

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-10069. PoCs published by aimoda.

AI-analyzed exploit summary: This repository contains a Python-based tool for decrypting and encrypting Hitron configuration files using a hardcoded DES key. It leverages a known vulnerability (CVE-2014-10069) to expose sensitive configuration data.

Description

Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.

Exploits (1)

nomisec WORKING POC 11 stars
by aimoda · poc
https://github.com/aimoda/hitron-cfg-decrypter

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Hitron routers (firmware versions affected by CVE-2014-10069)
No auth needed
Prerequisites: Access to a Hitron router configuration file (e.g., via backup functionality)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0399
EPSS Percentile 89.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-310
Status: published
Products (1)
hitrontech/cve-30360_firmware 3.1.1.21
Published Jan 07, 2018
Tracked Since Feb 18, 2026