Product
A vulnerability exists in MAXHUB Pivot client application versions prior to v1.36.2, where a hardcoded AES key allows attackers to decrypt tenant email addresses and associated metadata, and potentially cause a denial-of-service via unauthorized device enrollment through MQTT.