OFF-BY-ONE ERROR CWE-193
Description
In GateManager versions prior to 9.2c, the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GateManager prior to 9.2c contains a hard-coded telnet credential allowing unauthenticated remote attackers to execute commands as root.
Vulnerability
GateManager, a VPN server by Secomea, versions prior to 9.2c contain a hard-coded credential for telnet (CWE-798). This allows an unprivileged attacker to execute commands as root without any special configuration or authentication [1].
Exploitation
An attacker with network access to the affected GateManager can use the hard-coded telnet credential to log in remotely. The attack requires no privileges or user interaction, and the complexity is low due to the known credential [1].
Impact
Successful exploitation grants the attacker root-level access to the device, leading to full compromise of confidentiality, integrity, and availability. The attacker can execute arbitrary commands as root [1].
Mitigation
Secomea released version 9.2c to fix the issue. Users should upgrade to this version or later. No workarounds are mentioned in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <9.2c
- Range: All versions prior to 9.2c
Patches
No patches discovered yet.
References
- us-cert.cisa.gov/ics/advisories/icsa-20-210-01 (mitre, x_refsource_MISC)