CVE-2025-11781
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
SGE-PLC1000 SGE-PLC50 · Circutor¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →