SBA Security Advisory – Genucenter Disclosure of SNMP Credentials (CVE-2026-13211)
Vulnerability Overview
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role. This exposure allows potential unauthorized access to network devices.
- Type of Vulnerability: Information Disclosure
- Fixed in Version: 8.0 Patch 11 and 8.6 or later
- CVE ID: CVE-2026-13211
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CVSS Base Score: 4.3 (Medium)
Recommended Countermeasure
We recommend updating to version 8.0 Patch 11 and 8.6 or later.
Link
Credits
Andreas Boll (SBA Research)
Lisa Gnedt (SBA Research)
The discovery of this vulnerability was made possible through support from CYSSDE and the European Union.
