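Summary of 265 CVE vulnerabilities in the CWE-321 (Use of Hard-coded Cryptographic Key) weakness class, with AI-generated analysis in Chinese.
CWE-321 refers to software that hard-codes an unchangeable cryptographic key in its code. An attacker who extracts the key through reverse engineering can decrypt protected data or forge legitimate communications, seriously undermining confidentiality and integrity. Developers should avoid this practice and use dynamic key management instead, for example obtaining keys at runtime from a secure key store, environment variables or a hardware security module, so that keys can be rotated and are not shipped with the source code.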
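
```c
#include <stdio.h>
#include <string.h>

/* Vulnerable example: the value the password is compared against is
   hard-coded in the source, so it ships inside every copy of the binary. */
int VerifyAdmin(char *password) {
    if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
        printf("Incorrect Password!\n");
        return(0);
    }
    printf("Entering Diagnostic Mode...\n");
    return(1);
}
```

```java
// Vulnerable example: the same hard-coded value in Java.
public boolean VerifyAdmin(String password) {
    if (password.equals("68af404b513073584c4b6f22b6c63e6b")) {
        System.out.println("Entering Diagnostic Mode...");
        return true;
    }
    System.out.println("Incorrect Password!");
    return false;
}
```

| CVE ID | Title | CVSS | Risk Level | Published |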
|---|---|---|---|---|
| CVE-2026-9260 | Canon EOS Network Setting Tool before V1.5.0 hard-coded key vulnerability — EOS Network Setting Tool for Windows | 6.2 | Medium | 2026-06-15 |
| CVE-2026-34029 | Wertheim SafeController Software for VAULT ROOMS cryptographic issue vulnerability — Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | - | - | 2026-06-15 |
| CVE-2026-34022 | Wertheim SafeController Family 65000 Hardware for VAULT ROOMS cryptographic issue vulnerability — Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller) | - | - | 2026-06-15 |
| CVE-2026-28742 | Naxclow Smart Doorbell X3 cryptographic issue vulnerability — Smart Doorbell X3 | 9.8 | Critical | 2026-06-12 |
| CVE-2026-50091 | Aqara Home Android cryptographic issue vulnerability — com.lumiunited.aqarahome | 9.1 | Critical | 2026-06-12 |
| CVE-2026-11505 | GL.iNet multiple products cryptographic issue vulnerability — A1300 | 5.0 | Medium | 2026-06-08 |
| CVE-2026-11347 | Linqi security vulnerability — linqi | - | - | 2026-06-05 |
| CVE-2026-45433 | GX Group Earth 2022 ONT security vulnerability — GX Earth 2022 | - | - | 2026-06-04 |
| CVE-2026-50226 | Acer M6E security vulnerability — Connect M6E 5G Portable WiFi Router | - | - | 2026-06-04 |
| CVE-2026-45041 | rustfs security vulnerability — rustfs | - | - | 2026-05-28 |
| CVE-2026-24218 | NVIDIA DGX OS security vulnerability — DGX Spark | 8.1 | High | 2026-05-20 |
| CVE-2026-31986 | Apache OFBiz security vulnerability — Apache OFBiz | - | - | 2026-05-19 |
| CVE-2026-8739 | PublicCMS cryptographic issue vulnerability — PublicCMS | 5.3 | Medium | 2026-05-17 |
| CVE-2026-25107 | ELECOM WRC and ELECOM WAB security vulnerability — WRC-X1800GS-B | - | - | 2026-05-13 |
| CVE-2026-44278 | Fortinet FortiClientWindows security vulnerability — FortiClientWindows | 2.1 | Low | 2026-05-12 |
| CVE-2025-40946 | Siemens multiple products security vulnerability — blueplanet 100 NX3 M8 | 8.3 | High | 2026-05-12 |
| CVE-2026-33362 | Meari IoT SDK security vulnerability — com.meari.sdk | 8.6 | High | 2026-05-11 |
| CVE-2026-8243 | Canias ERP cryptographic issue vulnerability — Canias ERP | 5.3 | Medium | 2026-05-10 |
| CVE-2026-6787 | WatchGuard Agent security vulnerability — WatchGuard Agent | 8.4 (AI) | High (AI) | 2026-05-06 |
| CVE-2026-42518 | CDAC e-Sushrut security vulnerability — e-Sushrut, Hospital Management Information System (HMIS) | 9.1 (AI) | Critical (AI) | 2026-04-29 |
| CVE-2026-7306 | XXL-JOB cryptographic issue vulnerability — xxl-job | 5.6 | Medium | 2026-04-28 |
| CVE-2026-32644 | Milesight AIOT cameras security vulnerability — MS-Cxx63-PD | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7018 | Datavines cryptographic issue vulnerability — Datavines | 5.6 | Medium | 2026-04-26 |
| CVE-2026-6611 | DjangoBlog security vulnerability — DjangoBlog | 3.1 | Low | 2026-04-20 |
| CVE-2026-32958 | Silex SD-330AC and Silex AMC Manager security vulnerability — SD-330AC | 6.5 | Medium | 2026-04-20 |
| CVE-2026-6580 | DjangoBlog security vulnerability — DjangoBlog | 7.3 | High | 2026-04-19 |
| CVE-2026-32324 | Anviz CX7 security vulnerability — Anviz CX7 Firmware | 7.7 | High | 2026-04-17 |
| CVE-2026-5426 | Digital Knowledge KnowledgeDeliver security vulnerability — KnowledgeDeliver | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-39810 | Fortinet FortiClientEMS security vulnerability — FortiClientEMS | 5.2 | Medium | 2026-04-14 |
| CVE-2026-33266 | Apache OpenMeetings security vulnerability — Apache OpenMeetings | 9.8 (AI) | Critical (AI) | 2026-04-09 |

CWE-321 (Use of Hard-coded Cryptographic Key) is a common weakness class; this platform lists 265 CVE vulnerabilities associated with it.