Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote malicious users to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco rv320 firmware |
||
cisco rv325 firmware |
||
cisco rvs4000 firmware |
||
cisco wrv210 firmware |
||
cisco wap4410n firmware |
||
cisco wrv200 firmware 1.0.39 |
||
cisco wrvs4400n firmware |
||
cisco wap200 firmware |
||
cisco wvc2300 firmware |
||
cisco pvc2300 firmware |
||
cisco srw224p firmware |
||
cisco wet200 firmware |
||
cisco wap2000 firmware |
||
cisco wap4400n firmware |
||
cisco rv120w firmware |
||
cisco rv180 firmware |
||
cisco rv180w firmware |
||
cisco rv315w firmware |
||
cisco srp520 firmware |
||
cisco srp520-u firmware |
||
cisco wrp500 firmware |
||
cisco spa400 firmware |
||
cisco rtp300 firmware |
||
cisco rv220w firmware |