CVE-2026-34022
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms w...
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CWE
- CWE-321
Description
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-34022
- [Other]https://r.sec-consult.com/wertdev
- [Other]https://wertheim-safes.com/safe-deposit-boxes/
- [Other]https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller/
Related CVEs
Same CWE
- CVE-2026-9260 — Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.2 MEDIUM)
- CVE-2026-34029 — The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastr...
- CVE-2026-28742 — Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image (9.8 CRITICAL)
- CVE-2026-50091 — Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptog... (9.1 CRITICAL)
- CVE-2026-11505 — A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x (5.0 MEDIUM)