netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.
The vulnerability exists in the /admin/edit_fire_wall.php script, which does not properly validate user input data. An attacker can inject malicious SQL code directly into queries executed by the application against the database. Due to the network vector (AV:N), lack of required privileges (PR:N), and lack of user interaction (UI:N), the attack can be performed remotely without any authentication.
An attacker can gain unauthorized access to data stored in the database, modify or delete system configuration data, and potentially take full control of the device. Compromise of a Next-Generation Firewall class device can lead to security breach of the entire protected network infrastructure.
Patches available from the manufacturer should be applied according to the references. Until the fix is deployed, it is recommended to restrict access to the administrative panel only to trusted IP addresses and monitor network traffic directed to the administrative interface.
Netentsec NS-ASG Firmware and Netentsec NS-ASG version 6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetentsec Ns Asg
HWNetentsecwszystkie wersjeNetentsec Ns Asg Firmware
OSNetentsec6.3
Related vulnerabilities
SQL Injection w Netentsec NS-ASG 6.3 via /admin/add_getlogin.php
SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny
SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.