GHSA-5xrr-7q3m-rh98CriticalCVSS 9.8

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES...

Published
May 29, 2026
Last Modified
June 8, 2026

🔗 CVE IDs covered (1)

📋 Description

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

🔗 References (3)