Ismartgate Pro Firmware

ismartgate_pro_firmware

Vendor: Gogogate • 11 CVEs

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-13119 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 ismartgate PRO 1.5.9 is vulnerable to clickjacking.
CVE-2020-12843 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
CVE-2020-12842 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.
CVE-2020-12841 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
CVE-2020-12840 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
CVE-2020-12839 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
CVE-2020-12838 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
CVE-2020-12837 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.
CVE-2020-12282 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)
CVE-2020-12281 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
CVE-2020-12280 1Gogogate 1Ismartgate Pro Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.