Description
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
Published: 2026-07-01
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Genucenter web interface prior to version 8.0p11 returns SNMP authentication and encryption keys in HTTP responses to users who hold the Service or Admin roles. This flaw exposes sensitive credential material, enabling those users to decrypt SNMP traffic or to impersonate SNMP agents, potentially leading to unauthorized access to network devices and the compromise of network infrastructure. The weakness is a clear information disclosure, classified as CWE-201.

Affected Systems

All installations of genua Genucenter running a version older than 8.0p11 are affected. The vulnerability applies to the web interface accessed by users assigned the Service or Admin role; no detail is provided about specific sub‑products or configuration differences.

Risk and Exploitability

With a CVSS score of 4.3, the vulnerability is moderately severe. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, so there is no confirmed in-the-wild exploitation on record. Exploitation requires valid user credentials that grant Service or Admin level access to the web interface, making it an insider or compromised-credential scenario rather than a generic external attack. The risk is therefore moderate to low for an organization that limits or monitors such privileged accounts, but it becomes higher for environments where those roles are broadly available.

Generated by OpenCVE AI on July 1, 2026 at 18:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Genucenter to version 8.0p11 or later to remove the SNMP key disclosure.
  • Restrict the Service and Admin roles to a small subset of trusted personnel or network segments if an update cannot be applied immediately.
  • Implement regular rotation of SNMP authentication and encryption keys and audit SNMP traffic for unauthorized decryptions.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics |  | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description |  | The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
Title |  | Genucenter Disclosure of SNMP Credentials
Weaknesses |  | CWE-201
References |  |
Metrics |  | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: sba-research

Published:

Updated: 2026-07-01T17:47:08.068Z

Reserved: 2026-06-24T15:07:32.597Z

Link: CVE-2026-13211

Vulnrichment

Updated: 2026-07-01T17:46:51.856Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T18:15:15Z

Weaknesses
  • CWE-201: Insertion of Sensitive Information Into Sent Data