CVE-2023-49256

CVE-2023-49256: Predictable encryption passphrase used in publicly accessible configuration file

Vendor Hongdian
Product H8951-4G-ESP
Weakness CWE-321
Published January 12, 2024
Last update June 20, 2025

CVSS base score

What the vulnerability does

01Description

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key.

Key dates

02Disclosure timeline

January 12, 2024 CVE published
June 20, 2025 Record updated