310 matches found

Cvelist
added 2020/08/25 1:15 p.m. | 30 views

CVE-2020-14508 OFF-BY-ONE ERROR CWE-193

GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition...

8.1 CVSS | 9.6 AI score | 0.02017 EPSS
Exploits 0 | References 1

Cvelist
added 2020/08/25 1:12 p.m. | 23 views

CVE-2020-14500 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

10 CVSS | 9.4 AI score | 0.01666 EPSS
Exploits 0 | References 1

CVE
added 2020/08/25 1:12 p.m. | 82 views

CVE-2020-14500

CVE-2020-14500 affects Secomea GateManager (all versions prior to 9.2c). The flaw arises from improper handling of HTTP headers, allowing an unauthenticated remote attacker to send a negative value and overwrite arbitrary data, potentially enabling remote code execution, data tampering, or DoS. I...

10 CVSS | 9.4 AI score | 0.01666 EPSS
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2020/07/31 12:0 a.m. | 50 views

CVE-2020-14500

The discovered bug occurs due to improper handling of some of the HTTP request headers provided by the client. This could allow an attacker to remotely exploit GateManager to achieve remote code execution without any authentication required. If carried out successfully, such an attack could resul...

10 CVSS | 1 AI score | 0.01666 EPSS
Exploits 0 | References 2

CNVD
added 2020/07/30 12:0 a.m. | 9 views

Secomea GateManager Code Issue Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A code issue vulnerability exists in Secomea GateManager versions prior to 9.2c. The vulnerability stems from an improper design or implementation during code development for a network system or product. An attacker coul...

10 CVSS | 7 AI score | 0.01666 EPSS
Exploits 0 | References 1

CNVD
added 2020/07/30 12:0 a.m. | 9 views

Secomea GateManager Numeric Error Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A numeric error vulnerability exists in Secomea GateManager versions prior to 9.2c. The vulnerability arises from a network system or product not properly calculating or converting generated numbers. A remote attacker...

9.8 CVSS | 7.7 AI score | 0.02017 EPSS
Exploits 0 | References 1

CNVD
added 2020/07/30 12:0 a.m. | 1 views

Secomea GateManager Trust Management Issues Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A trust management issue vulnerability exists in Secomea GateManager versions prior to 9.2c that stems from the program's use of hard-coded credentials. A remote attacker can exploit this vulnerability to execute command...

10 CVSS | 7.4 AI score | 0.02487 EPSS
Exploits 0 | References 1

CNVD
added 2020/07/30 12:0 a.m. | 4 views

Secomea GateManager Trust Management Issues Vulnerability (CNVD-2020-43750)

Secomea GateManager is a remote access server product from Secomea, Denmark. A trust management issue vulnerability exists in Secomea GateManager versions prior to 9.2c that stems from the program's use of a weak hash type. A remote attacker could exploit this vulnerability to view user passwords...

8.1 CVSS | 6.8 AI score | 0.00823 EPSS
Exploits 0 | References 1

The Hacker News
added 2020/07/29 11:12 a.m. | 2 views

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS). A n...

10 CVSS | 8.5 AI score | 0.02905 EPSS
Exploits 0

ICS
added 2020/07/28 12:0 a.m. | 65 views

Secomea GateManager

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Secomea Equipment: GateManager Vulnerabilities: Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient...

10 CVSS | 10 AI score | 0.02487 EPSS
Exploits 0 | References 6