Ns Asg Firmware
CVE-2023-40850
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway.
AnalysisAI
netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway. Affected products include: Netentsec Ns-Asg Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ns Asg Firmware
View allnetentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php. Rated critical severity (CVSS
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. Rated critical severity (CVSS 9.8), t
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php. Rated critical severity (CVSS 9.8),
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. Rated critical severity (CVSS 9.8), thi
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php. Rated high severity (CVSS 8.8), this vulnerabilit
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php. Rated high severity (CVSS 8.8), th
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php. Rated high severity (CVSS 8.8
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php. Rated high severity (CVSS 8.8), thi
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php. Rated high severity (CVSS 8.8), th
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php. Rated medium severity (CVSS 6.3), this vu
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php. Rated medium severity (CVS
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php. Rated medium severity (CVSS 5.4), this vulnerabili
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today