Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by genua

    CVE-2026-13211 (GCVE-0-2026-13211)

    Vulnerability from nvd – Published: 2026-07-01 15:46 – Updated: 2026-07-01 17:47
    VLAI
    Title
    Genucenter Disclosure of SNMP Credentials
    Summary
    The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of sensitive information into sent data
    Assigner
    References
    Impacted products
    Vendor Product Version
    genua genucenter Affected: 8.0 , ≤ 8.0p10 (custom)
    Unaffected: 8.0p11 , < 8.1 (custom)
    Unaffected: 8.6 (custom)
    Create a notification for this product.
    Credits
    Andreas Boll (SBA Research) Lisa Gnedt (SBA Research)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13211",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:47:05.251461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:47:08.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2026/SBA-ADV-20260424-01_Genucenter_Disclosure_of_SNMP_Credentials"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "genucenter",
              "vendor": "genua",
              "versions": [
                {
                  "lessThanOrEqual": "8.0p10",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1",
                  "status": "unaffected",
                  "version": "8.0p11",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Boll (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Lisa Gnedt (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the \u201cService\u201d or \u201cAdmin\u201d role."
                }
              ],
              "value": "The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the \u201cService\u201d or \u201cAdmin\u201d role."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of sensitive information into sent data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:46:25.174Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2026/SBA-ADV-20260424-01_Genucenter_Disclosure_of_SNMP_Credentials"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Genucenter Disclosure of SNMP Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2026-13211",
        "datePublished": "2026-07-01T15:46:25.174Z",
        "dateReserved": "2026-06-24T15:07:32.597Z",
        "dateUpdated": "2026-07-01T17:47:08.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-27215 (GCVE-0-2021-27215)

    Vulnerability from nvd – Published: 2021-03-03 15:45 – Updated: 2024-08-03 20:40
    VLAI
    Summary
    An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:40:47.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kunde.genua.de/en/overview/genugate.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-03T15:45:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kunde.genua.de/en/overview/genugate.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-27215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate",
                  "refsource": "MISC",
                  "url": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate"
                },
                {
                  "name": "https://kunde.genua.de/en/overview/genugate.html",
                  "refsource": "MISC",
                  "url": "https://kunde.genua.de/en/overview/genugate.html"
                },
                {
                  "name": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/",
                  "refsource": "MISC",
                  "url": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-27215",
        "datePublished": "2021-03-03T15:45:53.000Z",
        "dateReserved": "2021-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:40:47.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-13211 (GCVE-0-2026-13211)

    Vulnerability from cvelistv5 – Published: 2026-07-01 15:46 – Updated: 2026-07-01 17:47
    VLAI
    Title
    Genucenter Disclosure of SNMP Credentials
    Summary
    The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of sensitive information into sent data
    Assigner
    References
    Impacted products
    Vendor Product Version
    genua genucenter Affected: 8.0 , ≤ 8.0p10 (custom)
    Unaffected: 8.0p11 , < 8.1 (custom)
    Unaffected: 8.6 (custom)
    Create a notification for this product.
    Credits
    Andreas Boll (SBA Research) Lisa Gnedt (SBA Research)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13211",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:47:05.251461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:47:08.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/sbaresearch/advisories/tree/public/2026/SBA-ADV-20260424-01_Genucenter_Disclosure_of_SNMP_Credentials"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "genucenter",
              "vendor": "genua",
              "versions": [
                {
                  "lessThanOrEqual": "8.0p10",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1",
                  "status": "unaffected",
                  "version": "8.0p11",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "8.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andreas Boll (SBA Research)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Lisa Gnedt (SBA Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the \u201cService\u201d or \u201cAdmin\u201d role."
                }
              ],
              "value": "The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the \u201cService\u201d or \u201cAdmin\u201d role."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of sensitive information into sent data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:46:25.174Z",
            "orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
            "shortName": "sba-research"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2026/SBA-ADV-20260424-01_Genucenter_Disclosure_of_SNMP_Credentials"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Genucenter Disclosure of SNMP Credentials",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
        "assignerShortName": "sba-research",
        "cveId": "CVE-2026-13211",
        "datePublished": "2026-07-01T15:46:25.174Z",
        "dateReserved": "2026-06-24T15:07:32.597Z",
        "dateUpdated": "2026-07-01T17:47:08.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-27215 (GCVE-0-2021-27215)

    Vulnerability from cvelistv5 – Published: 2021-03-03 15:45 – Updated: 2024-08-03 20:40
    VLAI
    Summary
    An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:40:47.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kunde.genua.de/en/overview/genugate.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-03T15:45:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kunde.genua.de/en/overview/genugate.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-27215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate",
                  "refsource": "MISC",
                  "url": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate"
                },
                {
                  "name": "https://kunde.genua.de/en/overview/genugate.html",
                  "refsource": "MISC",
                  "url": "https://kunde.genua.de/en/overview/genugate.html"
                },
                {
                  "name": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/",
                  "refsource": "MISC",
                  "url": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-27215",
        "datePublished": "2021-03-03T15:45:53.000Z",
        "dateReserved": "2021-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:40:47.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }