Floragasse 7 – 5th floor, 1040 Vienna

News

SBA Security Advisory – Genucenter Disclosure of SNMP Credentials (CVE-2026-13211)

Vulnerability Overview

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role. This exposure allows potential unauthorized access to network devices.

  • Type of Vulnerability: Information Disclosure
  • Fixed in Version: 8.0 Patch 11 and 8.6 or later
  • CVE IDCVE-2026-13211
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVSS Base Score: 4.3 (Medium)

Recommended Countermeasure

We recommend updating to version 8.0 Patch 11 and 8.6 or later.

Link

Full Security Advisory

Credits

Andreas Boll (SBA Research)
Lisa Gnedt (SBA Research)

The discovery of this vulnerability was made possible through support from CYSSDE and the European Union.