Gogogate Ismartgate_pro_firmware

11 CVEs affecting Gogogate Ismartgate_pro_firmware. Latest disclosed: 2020-09-24. Critical: 4, High: 3.

Top CVEs affecting Gogogate Ismartgate_pro_firmware
CVESeverityScorePublishedSummary
CVE-2020-12843Critical9.82020-09-24ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
CVE-2020-12842Critical9.82020-09-24ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.
CVE-2020-12839Critical9.82020-09-24ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
CVE-2020-12838Critical9.82020-09-24ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
CVE-2020-12282High8.82020-09-24iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined w…
CVE-2020-13119High8.12020-09-24ismartgate PRO 1.5.9 is vulnerable to clickjacking.
CVE-2020-12837High7.52020-09-24ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.
CVE-2020-12841Medium6.52020-09-24ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
CVE-2020-12840Medium6.52020-09-24ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
CVE-2020-12281Medium6.52020-09-24iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
CVE-2020-12280Medium6.52020-09-24iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.