
CVE-2026-49201: Firmware Backup Encryption Key Exposed in upload.cgi

Summary

An attacker can access and modify system backups on certain devices, potentially allowing them to install malicious software. This vulnerability affects the security of sensitive data stored on these devices. Users should update their firmware to a patched version to protect against this risk.

Original title
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating pe...
Original description
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.
NVD CVSS 4.0 score: 10.0
Vulnerability type
CWE-798 Use of Hard-coded Credentials
Published: 29 May 2026 · Updated: 30 May 2026 · First seen: 29 May 2026