Gallagher T-Series Readers Missing Release of Resource After Effective Lifetime Vulnerability Allowing Limited Denial-of-Service
Vulnerability
A resource management vulnerability has been identified in Gallagher T-Series Readers, specifically in versions 9.20 prior to vCR9.20.250213a, 9.10 prior to vCR9.10.250213a, 9.00 prior to vCR9.00.250619a, and all versions of 8.90 and prior. This vulnerability, categorized as Missing Release of Resource after Effective Lifetime (CWE-772), allows an attacker with physical access to the reader to cause a limited denial-of-service, but only when 125 kHz Card Technology is enabled.
Impact
Exploitation of this vulnerability leads to a limited denial-of-service condition on the affected reader.
Remediation
Disabling 125 kHz Card Technology on the affected reader prevents exploitation of this vulnerability.
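The affected-version ranges and the 125 kHz condition described above can be turned into an inventory check; this is an added example, not code from Gallagher or from this page. The `vCR<major>.<minor>.<YYMMDD><letter>` layout, the assumption that build strings sort in release order, and the reader names and versions in the sample inventory are constructed for illustration.

```python
import re

# Fixed builds per branch, taken from the advisory text above.
FIXED_BUILDS = {(9, 20): "250213a", (9, 10): "250213a", (9, 0): "250619a"}
LAST_UNFIXED_BRANCH = (8, 90)  # "all versions of 8.90 and prior"

# Assumed layout (not confirmed by the advisory): vCR<major>.<minor>.<YYMMDD><letter>
VERSION_RE = re.compile(r"^vCR(\d+)\.(\d+)\.(\d{6})([a-z]?)$")

def parse_version(text):
    """Split a firmware string into ((major, minor), build)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, date, suffix = m.groups()
    return (int(major), int(minor)), date + suffix

def is_affected(version):
    """True/False per the advisory, None if the branch is not listed in it."""
    branch, build = parse_version(version)
    if branch <= LAST_UNFIXED_BRANCH:
        return True  # no fixed build is listed for 8.90 and earlier
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return None
    # Assumption: YYMMDD plus suffix letter sorts lexicographically in release order.
    return build < fixed

def triage(readers):
    """readers: iterable of (name, firmware_version, lf_125khz_enabled)."""
    report = {}
    for name, version, lf_enabled in readers:
        affected = is_affected(version)
        if affected is None:
            report[name] = "branch-not-listed"
        elif not affected:
            report[name] = "fixed"
        else:
            # Exploitation requires 125 kHz Card Technology to be enabled.
            report[name] = "exposed" if lf_enabled else "affected-mitigated"
    return report

# Constructed sample inventory (hypothetical readers and builds).
SAMPLE_READERS = [
    ("lobby-01", "vCR9.20.241105b", True),
    ("dock-02", "vCR9.00.250213a", False),
    ("lab-03", "vCR9.10.250213a", True),
    ("gate-04", "vCR8.90.250701a", True),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_READERS).items():
        print(f"{name}: {status}")
```

Readers reported as `affected-mitigated` still run an affected build and become exposed again if 125 kHz Card Technology is re-enabled.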
