Gallagher T21 Reader Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Gallagher T21 Reader, affecting Command Centre Server versions 9.30 prior to vCR9.30.251028a, 9.20 prior to vCR9.20.251028a, 9.10 prior to vCR9.10.251028a, and all versions of 9.00 and prior. The vulnerability, classified as Missing Release of Resource after Effective Lifetime (CWE-772), allows an attacker with physical access to the reader to disrupt its functionality, preventing cardholders from gaining entry. It arises because the reader does not properly release resources after they are no longer needed, which leaves the reader unresponsive to badge entries.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition on the affected T21 Reader, causing it to become unresponsive to badge entries and disrupting normal access control operations.

Added: Nov 18, 2025, 4:16 AM
Updated: Nov 18, 2025, 4:16 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.