Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-33488

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 7.4
Products affected by CVE-2026-33488
  • Wwbn » Avideo » Version: N/A
    cpe:2.3:a:wwbn:avideo:-
  • Wwbn » Avideo » Version: 10.1
    cpe:2.3:a:wwbn:avideo:10.1
  • Wwbn » Avideo » Version: 10.2
    cpe:2.3:a:wwbn:avideo:10.2
  • Wwbn » Avideo » Version: 10.4
    cpe:2.3:a:wwbn:avideo:10.4
  • Wwbn » Avideo » Version: 10.8
    cpe:2.3:a:wwbn:avideo:10.8
  • Wwbn » Avideo » Version: 11
    cpe:2.3:a:wwbn:avideo:11
  • Wwbn » Avideo » Version: 11.1
    cpe:2.3:a:wwbn:avideo:11.1
  • Wwbn » Avideo » Version: 11.1.1
    cpe:2.3:a:wwbn:avideo:11.1.1
  • Wwbn » Avideo » Version: 11.5
    cpe:2.3:a:wwbn:avideo:11.5
  • Wwbn » Avideo » Version: 11.6
    cpe:2.3:a:wwbn:avideo:11.6
  • Wwbn » Avideo » Version: 12.4
    cpe:2.3:a:wwbn:avideo:12.4
  • Wwbn » Avideo » Version: 14.2
    cpe:2.3:a:wwbn:avideo:14.2
  • Wwbn » Avideo » Version: 14.3
    cpe:2.3:a:wwbn:avideo:14.3
  • Wwbn » Avideo » Version: 14.3.1
    cpe:2.3:a:wwbn:avideo:14.3.1
  • Wwbn » Avideo » Version: 14.4
    cpe:2.3:a:wwbn:avideo:14.4
  • Wwbn » Avideo » Version: 2.2
    cpe:2.3:a:wwbn:avideo:2.2
  • Wwbn » Avideo » Version: 2.4
    cpe:2.3:a:wwbn:avideo:2.4
  • Wwbn » Avideo » Version: 2.7
    cpe:2.3:a:wwbn:avideo:2.7
  • Wwbn » Avideo » Version: 3.4
    cpe:2.3:a:wwbn:avideo:3.4
  • Wwbn » Avideo » Version: 3.4.1
    cpe:2.3:a:wwbn:avideo:3.4.1
  • Wwbn » Avideo » Version: 4.0
    cpe:2.3:a:wwbn:avideo:4.0
  • Wwbn » Avideo » Version: 4.0.1
    cpe:2.3:a:wwbn:avideo:4.0.1
  • Wwbn » Avideo » Version: 4.0.2
    cpe:2.3:a:wwbn:avideo:4.0.2
  • Wwbn » Avideo » Version: 5.0
    cpe:2.3:a:wwbn:avideo:5.0
  • Wwbn » Avideo » Version: 6.5
    cpe:2.3:a:wwbn:avideo:6.5
  • Wwbn » Avideo » Version: 7.2
    cpe:2.3:a:wwbn:avideo:7.2
  • Wwbn » Avideo » Version: 7.3
    cpe:2.3:a:wwbn:avideo:7.3
  • Wwbn » Avideo » Version: 7.4
    cpe:2.3:a:wwbn:avideo:7.4
  • Wwbn » Avideo » Version: 7.5
    cpe:2.3:a:wwbn:avideo:7.5
  • Wwbn » Avideo » Version: 7.6
    cpe:2.3:a:wwbn:avideo:7.6
  • Wwbn » Avideo » Version: 7.7
    cpe:2.3:a:wwbn:avideo:7.7
  • Wwbn » Avideo » Version: 7.8
    cpe:2.3:a:wwbn:avideo:7.8
  • Wwbn » Avideo » Version: 8.1
    cpe:2.3:a:wwbn:avideo:8.1
  • Wwbn » Avideo » Version: 8.5
    cpe:2.3:a:wwbn:avideo:8.5
  • Wwbn » Avideo » Version: 8.6
    cpe:2.3:a:wwbn:avideo:8.6
  • Wwbn » Avideo » Version: 8.7
    cpe:2.3:a:wwbn:avideo:8.7
  • Wwbn » Avideo » Version: 8.9
    cpe:2.3:a:wwbn:avideo:8.9
  • Wwbn » Avideo » Version: 8.9.1
    cpe:2.3:a:wwbn:avideo:8.9.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved