You are here

Secomea GateManager (ICSA-20-210-01)

Secomea GateManager (ICSA-20-210-01)

Created: Thursday, July 30, 2020 - 09:42
Categories:
Cyber Security

CISA has published an advisory on improper neutralization of null byte or NUL character, off-by-one error, use of hard-coded credentials, and use of password hash with insufficient computational effort vulnerabilities in Secomea GateManager. All versions prior to 9.2c are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote code execution on the device. Secomea has released a new version to mitigate the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.