CVE-2019-10990

Same vendor

• CVE-2020-27283 — An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory loc... (5.3 MEDIUM)
• CVE-2020-27279 — A NULL pointer deference vulnerability has been identified in the protocol converter (7.5 HIGH)
• CVE-2020-27285 — The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database with... (9.1 CRITICAL)
• CVE-2019-10996 — Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited... (7.8 HIGH)
• CVE-2019-10984 — Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited... (7.8 HIGH)

Same CWE

• CVE-2026-28742 — Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image (9.8 CRITICAL)
• CVE-2026-50091 — Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptog... (9.1 CRITICAL)
• CVE-2026-50083 — The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-... (9.1 CRITICAL)
• CVE-2026-10557 — The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices (9.8 CRITICAL)
• CVE-2026-11849 — The  iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remo... (9.8 CRITICAL)