Name of the Vulnerable Software and Affected Versions:

egOS WebGUI (affected versions not specified)

Description:

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of a hard-coded cryptographic key. This allows attackers to forge authentication tokens, potentially gaining unauthorized access to the system.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.