Secomea Gatemanager 8250 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Secomea Gatemanager 8250 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2020-14500 — CVSS 10.0 (critical): Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data.
CVE-2020-14510 — CVSS 9.8 (critical): GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to…
CVE-2020-29026 — CVSS 9.0 (critical): A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with…
CVE-2020-29032 — CVSS 8.4 (high): Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute…
CVE-2020-14512 — CVSS 8.1 (high): GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.
CVE-2020-14508 — CVSS 8.1 (high): GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely…
CVE-2022-25787 — CVSS 7.5 (high): Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to…
CVE-2020-29031 — CVSS 7.1 (high): An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset…
CVE-2021-32010 — CVSS 5.6 (medium): Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle…
CVE-2022-25782 — CVSS 5.4 (medium): Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update…
CVE-2020-29024 — CVSS 5.3 (medium): Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an…
CVE-2020-29022 — CVSS 5.3 (medium): Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning…
CVE-2022-25783 — CVSS 4.3 (medium): Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging…
CVE-2022-25779 — CVSS 4.3 (medium): Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This…
CVE-2022-25780 — CVSS 4.3 (medium): Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
CVE-2022-25778 — CVSS 4.2 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in…
CVE-2022-25781 — CVSS 4.2 (medium): Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged…
CVE-2021-32004 — CVSS 3.7 (low): This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager…
CVE-2020-29023 — CVSS 3.5 (low): Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate…
CVE-2020-29021 — CVSS 3.5 (low): A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue…