Flexiva Lx300 Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:gatesair:flexiva_lx300_firmware:1.0.13:*:*:*:*:*:*:*
part: o version: 1.0.13 update: *
| Vendor | Gatesair (12b7954c-82d9-5eba-b066-24e87af33ec4) |
|---|---|
| Product | Flexiva Lx300 Firmware (93045135-e06c-5065-bb62-a2256a6b644d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-63212 |
vulnerable | 2026-06-08 07:39:17.357952 |
Details available
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.
Published: 2025-11-19T00:00:00.000Z
Updated: 2025-11-20T21:02:43.797Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.