Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote malicious users to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco rv320_firmware |
||
cisco rv325_firmware |
||
cisco rvs4000_firmware |
||
cisco wrv210_firmware |
||
cisco wap4410n_firmware |
||
cisco wrv200_firmware 1.0.39 |
||
cisco wrvs4400n_firmware |
||
cisco wap200_firmware |
||
cisco wvc2300_firmware |
||
cisco pvc2300_firmware |
||
cisco srw224p_firmware |
||
cisco wet200_firmware |
||
cisco wap2000_firmware |
||
cisco wap4400n_firmware |
||
cisco rv120w_firmware |
||
cisco rv180_firmware |
||
cisco rv180w_firmware |
||
cisco rv315w_firmware |
||
cisco srp520_firmware |
||
cisco srp520-u_firmware |
||
cisco wrp500_firmware |
||
cisco spa400_firmware |
||
cisco rtp300_firmware |
||
cisco rv220w_firmware |