Skip to main content

Gatemanager 8250 Firmware

16 CVEs product

Monthly

CVE-2022-25787 MEDIUM This Month

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-25783 MEDIUM This Month

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25782 MEDIUM This Month

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25781 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25780 MEDIUM This Month

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25779 MEDIUM This Month

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-25778 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-32004 MEDIUM This Month

This issue affects: Secomea GateManager All versions prior to 9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-11646 MEDIUM This Month

A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-11645 MEDIUM This Month

A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-11644 MEDIUM This Month

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-11643 MEDIUM This Month

An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-14512 HIGH This Week

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-14510 CRITICAL Act Now

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14508 CRITICAL Act Now

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Gatemanager 8250 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-14500 CRITICAL Act Now

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
EPSS 0% CVSS 6.7
MEDIUM This Month

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gatemanager 4250 Firmware Gatemanager 4260 Firmware +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

This issue affects: Secomea GateManager All versions prior to 9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gatemanager 9250 Firmware Gatemanager 4260 Firmware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 9250 Firmware Gatemanager 4260 Firmware +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Gatemanager 8250 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 8250 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy