Approved changes feed: RSS · Atom

cpe:2.3:a:genexis:gaps:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorGenexis (2095619e-8c4f-5f1a-9d5d-8c981ac7ce86)
ProductGaps (f6c2f130-2b09-55cf-8d22-35b73c4c6020)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-6094 vulnerable 2026-06-08 05:09:50.510904 Details available
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2.
Published: 2017-12-20T20:00:00.000Z
Updated: 2024-08-05T15:18:49.781Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.