CVE-2020-16097

HIGH

Gallagher Command Centre - Insufficiently Protected Credentials

Title source: rule

Description

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.

References (1)

[Vendor Advisory] https://security.gallagher.com/Security-Advisories/CVE-2020-16097

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 18.5%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Classification

CWE

CWE-522

Status published

Affected Products (5)

gallagher/command_centre < 7.90.1038

gallagher/command_centre

Timeline

Published Sep 15, 2020

Tracked Since Feb 18, 2026