CRITICAL🇵🇱 Wersja polska

CVE-2024-30858

CVSS 9.8v3.1pub. 2024-04-01upd. 2025-04-04

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.

🤖 AI Analysis
How it works

The vulnerability exists in the /admin/edit_fire_wall.php script, which does not properly validate user input data. An attacker can inject malicious SQL code directly into queries executed by the application against the database. Due to the network vector (AV:N), lack of required privileges (PR:N), and lack of user interaction (UI:N), the attack can be performed remotely without any authentication.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete system configuration data, and potentially take full control of the device. Compromise of a Next-Generation Firewall class device can lead to security breach of the entire protected network infrastructure.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until the fix is deployed, it is recommended to restrict access to the administrative panel only to trusted IP addresses and monitor network traffic directed to the administrative interface.

Who is affected

Netentsec NS-ASG Firmware and Netentsec NS-ASG version 6.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netentsec Ns Asg

    HW
    Netentsec
    wszystkie wersje
  • Netentsec Ns Asg Firmware

    OS
    Netentsec
    6.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-30868CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via /admin/add_getlogin.php

CVE-2024-30867CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30865CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30859HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.

CVE-2024-30862HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.