Vulnerabilities

CVE-2026-22906

by Fred · 09/02/2026

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

More information : https://certvde.com/de/advisories/VDE-2026-004

Similar

Tags: Cybersecurity Alert