Vulnerabilities > Gogogate

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-13119 Improper Restriction of Rendered UI Layers or Frames vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to clickjacking.
network
low complexity
gogogate CWE-1021
8.1
8.1
2020-09-24 CVE-2020-12843 Unrestricted Upload of File with Dangerous Type vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors.
network
low complexity
gogogate CWE-434
critical
 9.8
9.8
2020-09-24 CVE-2020-12842 Incorrect Permission Assignment for Critical Resource vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.
network
low complexity
gogogate CWE-732
critical
 9.8
9.8
2020-09-24 CVE-2020-12841 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
network
low complexity
gogogate CWE-352
6.5
6.5
2020-09-24 CVE-2020-12840 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
network
low complexity
gogogate CWE-352
6.5
6.5
2020-09-24 CVE-2020-12839 Incorrect Permission Assignment for Critical Resource vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
network
low complexity
gogogate CWE-732
critical
 9.8
9.8
2020-09-24 CVE-2020-12838 Incorrect Permission Assignment for Critical Resource vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
network
low complexity
gogogate CWE-732
critical
 9.8
9.8
2020-09-24 CVE-2020-12837 Unrestricted Upload of File with Dangerous Type vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors.
network
low complexity
gogogate CWE-434
7.5
7.5
2020-09-24 CVE-2020-12282 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php.
network
low complexity
gogogate CWE-352
8.8
8.8
2020-09-24 CVE-2020-12281 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
network
low complexity
gogogate CWE-352
6.5
6.5