Gatemanager 8250 Firmware
CVE-2020-14510
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.
AnalysisAI
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-193. GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. Affected products include: Secomea Gatemanager 8250 Firmware. Version information: prior to 9.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Gatemanager 8250 Firmware
View allGateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attack
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. Rate
Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get r
GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 82
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versio
Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript
Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to acc
This issue affects: Secomea GateManager All versions prior to 9.6. Rated medium severity (CVSS 5.3), this vulnerability
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries
Same weakness CWE-193 – Off-by-one Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today