Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.