397 matches found
CVE-2026-20757
Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...
CVE-2026-20757
CVE-2026-20757 is an Improper Locking (CWE-667) vulnerability in the Gallagher Morpho integration affecting the Command Centre Server. Affected versions include 9.40 before vEL9.40.1976(MR1), 9.30 before vEL9.30.3382(MR4), 9.20 before vEL9.20.3783(MR6), 9.10 before vEL9.10.4647(MR9), and all 9.00...
CVE-2026-20757
Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...
EUVD-2026-9275
Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...
Gallagher Command Centre Server 安全漏洞
The Gallagher Command Centre Server is a management system developed by the New Zealand-based Gallagher company, used for monitoring and managing infrastructure within buildings. There is a security vulnerability in the Gallagher Command Centre Server, caused by improper locking mechanisms, which...
PT-2026-22717
Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...
Gallagher Command Centre Mobile Client 安全漏洞
Gallagher Command Centre Mobile Client is a mobile application developed by the New Zealand-based company Gallagher. Versions of Gallagher Command Centre Mobile Client prior to version 9.40.123 contained security vulnerabilities. These vulnerabilities stemmed from the storage of sensitive...
PT-2026-22716
Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...
Gallagher NxWitness VMS 安全漏洞
Gallagher NxWitness VMS is a video management system developed by the New Zealand-based Gallagher company. Versions of Gallagher NxWitness VMS prior to 9.10.017 and 9.10.025 contained security vulnerabilities. These vulnerabilities stemmed from the transmission of sensitive information in plainte...
CVE-2020-7215
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991MR5, 8.00 before 8.00.1161MR5, and 8.10 before 8.10.1134MR4. External system configuration data used for third party integrations such as DVR systems were logged in the Command Centre event trail. Any authenticated operator wi...
CVE-2022-26348
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded in...
CVE-2022-26078
Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30...
CVE-2024-41724
Improper Certificate Validation CWE-295 in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043...
Gallagher HBUS Devices 安全漏洞
Gallagher HBUS Devices is a family of access control and alarm peripheral devices from Gallagher New Zealand. A security vulnerability exists in Gallagher HBUS Devices that stems from improper use of seeds in the pseudo-random number generator, which could result in corrupting internal device...
Gallagher T-Series Reader 安全漏洞
The Gallagher T-Series Reader is a card reader in an access control system from Gallagher of New Zealand. A security vulnerability exists in the Gallagher T-Series Reader that stems from improper resource release and could lead to a denial of service attack...
Gallagher HBUS Devices 安全漏洞
Gallagher HBUS Devices is a family of access control and alarm peripheral devices from Gallagher New Zealand. A security vulnerability exists in Gallagher HBUS Devices that stems from an observable timing difference that could lead to the extraction of device-specific keys...
CVE-2025-48428
Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...
CVE-2025-47699
Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...
CVE-2025-48428
Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...
EUVD-2025-35648
Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...