CVE-2022-0664
9.8 CRITICALUse of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1
Published: 2022-02-18 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-321
Affected products
| Vendor | Product |
|---|---|
| netmaker | netmaker |
Description
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2022-0664
- [Patch]https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf
- [Patch]https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac
- [Patch]https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf
- [Patch]https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac
Related CVEs
Same vendor
- CVE-2026-38651 — Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0 (8.2 HIGH)
- CVE-2026-29771 — Netmaker makes networks with WireGuard (6.5 MEDIUM)
- CVE-2023-32079 — Netmaker makes networks with WireGuard (8.8 HIGH)
- CVE-2023-32078 — Netmaker makes networks with WireGuard (7.5 HIGH)
- CVE-2023-32077 — Netmaker makes networks with WireGuard (7.5 HIGH)
Same CWE
- CVE-2026-28742 — Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image (9.8 CRITICAL)
- CVE-2026-50091 — Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptog... (9.1 CRITICAL)
- CVE-2026-11505 — A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x (5.0 MEDIUM)
- CVE-2026-46395 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-11347 — The linqi application contains hardcoded cryptographic keys