CVE-2020-14510 – OFF-BY-ONE ERROR CWE-193
https://notcve.org/view.php?id=CVE-2020-14510
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. GateManager versiones anteriores a 9.2c, el producto afectado contiene una credencial embebida para telnet, lo que permite a un atacante no privilegiado ejecutar comandos como root • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-193: Off-by-one Error CWE-798: Use of Hard-coded Credentials •
CVE-2020-14508 – OFF-BY-ONE ERROR CWE-193
https://notcve.org/view.php?id=CVE-2020-14508
GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. GateManager versiones anteriores a 9.2c, el producto afectado es vulnerable a un error por un paso, que puede permitir a un atacante ejecutar remotamente código arbitrario o causar una condición de denegación de servicio • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-193: Off-by-one Error •
CVE-2020-14500 – IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158
https://notcve.org/view.php?id=CVE-2020-14500
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. Secomea GateManager todas las versiones anteriores a 9.2c, un atacante puede enviar un valor negativo y sobrescribir datos arbitrarios • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-158: Improper Neutralization of Null Byte or NUL Character CWE-476: NULL Pointer Dereference •