5 matches found
CVE-2022-26078
CVE-2022-26078 describes a Denial of Service against the Gallagher Controller 6000 caused by conflicting ARP packets with a duplicate IP address. Affected versions include Gallagher Controller 6000 vCR8.60 before 220303a; vCR8.50 before 220303a; vCR8.40 before 220303a; and vCR8.30 before 220303a....
CVE-2023-41967
Affected product and versions: Gallagher Controller 6000, versions 8.60 or earlier, and 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 MR5). Root cause / description: Sensitive information is not cleared after a debug or power state transition, allowing an attacker with knowledge of the ...
CVE-2023-24584
CVE-2023-24584 affects Gallagher Controller 6000. The vulnerability is a buffer overflow triggered by the Controller diagnostic web interface upload feature. Affected versions include before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, and all versions ...
CVE-2023-24590
CVE-2023-24590 describes a format-string vulnerability in Gallagher Controller 6000’s optional diagnostic web interface. The issue allows write/read access to memory and can crash the device, potentially causing a Denial of Service. Affected are Gallagher Controller 6000 versions 8.60 prior to vC...
CVE-2023-22439
CVE-2023-22439 affects Gallagher Controller 6000 and 7000 (all affected versions listed below). The vulnerability stems from improper input validation of a large HTTP request in the diagnostic web interface (Port 80) and can be exploited to cause a Denial of Service against the diagno...