CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32004 – GateManager does not enforce strict hostname matching for WEB server
https://notcve.org/view.php?id=CVE-2021-32004
This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning. Este problema afecta a: Secomea GateManager Todas las versiones anteriores a 9.6. Una comprobación inapropiada del encabezado del host en el servidor web de Secomea GateManager permite a un atacante causar el envenenamiento de la caché del navegador • https://www.secomea.com/support/cybersecurity-advisory/#4578 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32003 – Configuration service port remains open 10 minutes after reboot even when already provisioned
https://notcve.org/view.php?id=CVE-2021-32003
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. Una vulnerabilidad de Transporte Desprotegido de Credenciales en el servicio de aprovisionamiento de SiteManager, permite a un atacante local capturar credenciales si el servicio es usado después del aprovisionamiento. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware • https://www.secomea.com/support/cybersecurity-advisory • CWE-522: Insufficiently Protected Credentials CWE-523: Unprotected Transport of Credentials •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32002 – SiteManager troubleshooter allows access without authentication from local network
https://notcve.org/view.php?id=CVE-2021-32002
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. Una vulnerabilidad de control de acceso inapropiado en el servicio web de Secomea SiteManager permite a un atacante local sin credenciales recopilar información de red y configuración del SiteManager. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware • https://www.secomea.com/support/cybersecurity-advisory • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29030 – Insufficient CSRF guards
https://notcve.org/view.php?id=CVE-2020-29030
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en la GUI web de Secomea GateManager, permite a un atacante ejecutar código malicioso. Este problema afecta a: Secomea GateManager Todas las versiones anteriores a 9.4 • https://www.secomea.com/support/cybersecurity-advisory • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29020 – Reject Remote Management via Cellular UPLINK2
https://notcve.org/view.php?id=CVE-2020-29020
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. Una vulnerabilidad de Control de Acceso Inapropiado en el servicio web de Secomea SiteManager, permite a un atacante remoto acceder a la interfaz de usuario web desde Internet usando las credenciales configuradas. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.4.620527004 en hardware • https://www.secomea.com/support/cybersecurity-advisory/#3217 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •