Huawei cryptographic keys embedded in Cisco's firmware

Huawei cryptographic keys embedded in Cisco's firmware
Things happen when they happen. And when developers use third-party or open source libraries in their own product, they may not be aware of potential security issues. Testing firmware for vulnerabilities is time consuming, yet absolutely necessary for compliance with established security standards and legal requirements. That's why we developed IoT Inspector: to automate security analyses of firmware and to assure a security baseline at scale. We are constantly improving IoT Inspector's analysis capabilities. To test new features and capabilities we analyze firmware images from various vendors regularly. One of the more recent analysis results caught us by surprise...Who is Gary, and why are his keys embedded in Cisco's firmware?
Cisco SG250 Smart Switch/root/.ssh/
Futurewei TechnologiesHuawei Technologies

About Onekey
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of the automated ONEKEY Product Cybersecurity & Compliance Platform (OCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

CONTACT:
Sara Fortmann
Senior Marketing Manager
sara.fortmann@onekey.com
euromarcom public relations GmbH
team@euromarcom.de
RELATED RESEARCH ARTICLES

Security Advisory: Remote Code Execution on Weidmüller IE-SR-2TX (CVE-2025-41663)
Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Weidmüller IE-SR-2TX. Learn about the risks and recommended actions.
Ready to automate your Product Cybersecurity & Compliance?
Make cybersecurity and compliance efficient and effective with ONEKEY.