4 CVE-2024-52614

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product.
https://nvd.nist.gov/vuln/detail/CVE-2024-52614

Categories

CWE-321 : Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Prevention schemes mirror that of hard-coded password storage. Engineering Workstation uses hard-coded cryptographic keys that could allow for unathorized filesystem access and privilege escalation Remote Terminal Unit (RTU) uses a hard-coded SSH private key that is likely to be used by default. WiFi router service has a hard-coded encryption key, allowing root access Communications / collaboration product has a hardcoded SSH private key, allowing access to root account

References

 

CPE

cpe	start	end

---

REMEDIATION

---

---

EXPLOITS

---

Exploit-db.com

id	description	date
No known exploits

---

POC Github

Url
No known exploits

---

Other Nist (github, ...)

Url
No known exploits

---

CAPEC

---

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

---