MidnightBSD

Advisories for gatesair

CVE-2023-36081

Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.

Products Affected

Vendor Product Version
gatesair flexiva_fax_150w_firmware -
CVE-2023-36082

An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.

Products Affected

Vendor Product Version
gatesair flexiva_fax_150w_firmware -
CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.

Products Affected

Vendor Product Version
gatesair flexiva_lx100_firmware 2.0
gatesair flexiva_lx600_firmware 1.0.13
gatesair flexiva_lx1000_firmware 1.0.13
gatesair flexiva_lx1000_firmware 2.0
gatesair flexiva_lx300_firmware 2.0
gatesair flexiva_lx100_firmware 1.0.13
gatesair flexiva_lx300_firmware 1.0.13
gatesair flexiva_lx600_firmware 2.0