CVE-2021-41096
7.5 HIGHRucky is a USB HID Rubber Ducky Launch Pad for Android
Published: 2021-09-27 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-327
Affected products
| Vendor | Product |
|---|---|
| rucky_project | rucky |
Description
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm (RSA/ECB/PKCS1Padding). The issue will be patched in v2.3 for release builds and 426 onwards for nightly builds. As a workaround, one may disable an advance security feature if not required.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41096
- [Patch]https://github.com/mayankmetha/Rucky/commit/5e3a477365009f488a73efd26a91168502de1b93
- [Other]https://github.com/mayankmetha/Rucky/security/advisories/GHSA-32m7-456v-wgfw
- [Patch]https://github.com/mayankmetha/Rucky/commit/5e3a477365009f488a73efd26a91168502de1b93
- [Other]https://github.com/mayankmetha/Rucky/security/advisories/GHSA-32m7-456v-wgfw
Related CVEs
Same CWE
- CVE-2026-9261 — Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.8 MEDIUM)
- CVE-2026-50086 — The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's signing key without authent... (10.0 CRITICAL)
- CVE-2026-40996 — Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation Reques... (4.8 MEDIUM)
- CVE-2025-10237 — During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could... (6.7 MEDIUM)
- CVE-2026-11481 — A vulnerability was determined in yoanbernabeu grepai up to 0.35.0 (2.5 LOW)