CVE-2022-25780

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*

History

11 May 2022, 18:48

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References (MISC) https://www.secomea.com/support/cybersecurity-advisory/ - (MISC) https://www.secomea.com/support/cybersecurity-advisory/ - Vendor Advisory
CPE cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*
cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*
cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*
cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
First Time Secomea gatemanager 8250
Secomea gatemanager 4260 Firmware
Secomea gatemanager 4250
Secomea gatemanager 4250 Firmware
Secomea gatemanager 8250 Firmware
Secomea
Secomea gatemanager 4260
Secomea gatemanager 9250
Secomea gatemanager 9250 Firmware

04 May 2022, 15:35

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-04 14:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-25780

Mitre link : CVE-2022-25780

CVE.ORG link : CVE-2022-25780


JSON object : View

Products Affected

secomea

  • gatemanager_4260_firmware
  • gatemanager_9250
  • gatemanager_9250_firmware
  • gatemanager_4250
  • gatemanager_8250_firmware
  • gatemanager_4250_firmware
  • gatemanager_4260
  • gatemanager_8250
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor