netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php.
The vulnerability results from the lack of proper validation and sanitization of input data passed to the /admin/edit_user_login.php endpoint. An attacker can inject malicious SQL code fragments in HTTP request parameters, which are then executed by the database engine without proper sanitization. The attack does not require authentication or user interaction, and its vector is network-based, making it particularly dangerous.
An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete data, and under favorable circumstances take full control of the system.
Patches available from the manufacturer should be applied in accordance with the references. It is also recommended to restrict access to the admin panel exclusively to trusted IP addresses and to monitor network traffic for unusual HTTP requests directed at administrative endpoints.
Netentsec NS-ASG Firmware and Netentsec NS-ASG version 6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetentsec Ns Asg
HWNetentsecwszystkie wersjeNetentsec Ns Asg Firmware
OSNetentsec6.3
Related vulnerabilities
SQL Injection w Netentsec NS-ASG 6.3 via /admin/add_getlogin.php
SQL Injection w Netentsec NS-ASG 6.3 via edit_fire_wall.php
SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.