CVE-2020-29026: Path Traversal
First published: Mon Feb 15 2021(Updated: )
A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.
Credit: VulnerabilityReporting@secomea.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Secomea Gatemanager 8250 Firmware | <9.2c | |
| Secomea Gatemanager 8250 | ||
| Secomea Gatemanager 4250 Firmware | <9.0i | |
| Secomea Gatemanager 4250 | ||
| Secomea Gatemanager 4260 Firmware | <9.0i | |
| Secomea Gatemanager 4260 | ||
| Secomea Gatemanager 9250 Firmware | <9.0i | |
| Secomea Gatemanager 9250 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-29026.
What is the severity level of CVE-2020-29026?
CVE-2020-29026 has a severity level of critical.
Which software versions are affected by CVE-2020-29026?
CVE-2020-29026 affects all versions of GateManager prior to 9.2c.
How does CVE-2020-29026 impact the system?
CVE-2020-29026 allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system.
Is there a fix available for CVE-2020-29026?
To mitigate CVE-2020-29026, it is recommended to update GateManager to version 9.2c or later.
- collector/nvd-index
- vendor/secomea
- canonical/secomea gatemanager 8250 firmware
- canonical/secomea gatemanager 8250
- canonical/secomea gatemanager 4250 firmware
- canonical/secomea gatemanager 4250
- canonical/secomea gatemanager 4260 firmware
- canonical/secomea gatemanager 4260
- canonical/secomea gatemanager 9250 firmware
- canonical/secomea gatemanager 9250