CVE-2026-5420

Published: Apr 02, 2026 Last Modified: Apr 02, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,0
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW 2,5
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
LOW 1,0
Source: [email protected]
Access Vector: local
Access Complexity: high
Authentication: single
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AES_IV/AES_PASSWORD results in use of hard-coded cryptographic key
. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

321

Use of Hard-coded Cryptographic Key

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Read Application Data
Applicable Platforms
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
https://vuldb.com/submit/781740
https://vuldb.com/submit/781740
https://vuldb.com/vuln/354856
https://vuldb.com/vuln/354856
https://vuldb.com/vuln/354856/cti
https://vuldb.com/vuln/354856/cti
https://www.notion.so/Exposed-Cryptographic-Key-and-IV-in-c…
https://www.notion.so/Exposed-Cryptographic-Key-and-IV-in-cats-goods-sort-sorti…