GatesAir
Products
4- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36082 | Cri | 0.64 | 9.8 | 0.01 | Aug 3, 2023 | An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | ||
| CVE-2025-22961 | Hig | 0.52 | 8.0 | 0.00 | Feb 13, 2025 | A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db)… | ||
| CVE-2025-22960 | Hig | 0.52 | 8.0 | 0.00 | Feb 13, 2025 | A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session… | ||
| CVE-2025-22962 | Hig | 0.47 | 7.2 | 0.01 | Feb 13, 2025 | A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sess_id) can send specially crafted POST requests to the /json… | ||
| CVE-2023-36081 | Med | 0.35 | 5.4 | 0.01 | Aug 2, 2023 | Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. | ||
| CVE-2025-63212 | 0.00 | — | 0.00 | Nov 19, 2025 | GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs… |
- risk 0.64cvss 9.8epss 0.01
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.
- risk 0.52cvss 8.0epss 0.00
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db)…
- risk 0.52cvss 8.0epss 0.00
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session…
- risk 0.47cvss 7.2epss 0.01
A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sess_id) can send specially crafted POST requests to the /json…
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.
- CVE-2025-63212Nov 19, 2025risk 0.00cvss —epss 0.00
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs…