Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible web interface (AV:N), no complexity (AC:L), requires Service or Admin role (PR:L), partial confidentiality only for SNMP keys (C:L), no integrity or availability impact.
Primary rating from Vendor (sba-research).
CVSS VectorVendor: sba-research
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
AnalysisAI
The genucenter web interface by genua exposes SNMP authentication and encryption keys in cleartext HTTP responses to any user holding the 'Service' or 'Admin' role, enabling credential theft without any exploitation complexity beyond normal authenticated use. Affected versions are all releases prior to 8.0p11; the fix was disclosed by sba-research via a coordinated advisory in April 2026. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session in the genucenter web interface with either the 'Service' or 'Admin' role assigned - unauthenticated access is not sufficient. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score of 4.3 Medium accurately reflects the constrained attack surface: exploitation requires network access (AV:N) with low privileges (PR:L), but the impact is limited to partial confidentiality (C:L) with no integrity or availability consequence (I:N/A:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has compromised a help-desk or network operations account with the 'Service' role logs into the genucenter web interface and performs routine management actions. By inspecting the HTTP responses - using browser developer tools or a local proxy - they extract SNMP v3 authentication and encryption keys returned by the server. … |
| Remediation | The primary fix is upgrading genucenter to version 8.0p11 or later, which resolves the unnecessary inclusion of SNMP credentials in HTTP responses. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41051
GHSA-296j-g5j7-v64q