← Back

CVE-2024-11308

nvd nist
Published: Nov 18, 2024Modified: Nov 20, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

Affected (1)

Products: Trcore: Dvc
Trcore
1 product
Dvc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Dvc
From 6.0 to 6.4

Related CWEs

CWE-321
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (2)

Source: twcert@cert.org.tw
Third Party Advisory
Source: twcert@cert.org.tw
Third Party Advisory

Timeline

No history available yet.