CRITICAL🇵🇱 Wersja polska

CVE-2024-30865

CVSS 9.8v3.1pub. 2024-04-01upd. 2025-04-04

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php.

🤖 AI Analysis
How it works

The vulnerability results from the lack of proper validation and sanitization of input data passed to the /admin/edit_user_login.php endpoint. An attacker can inject malicious SQL code fragments in HTTP request parameters, which are then executed by the database engine without proper sanitization. The attack does not require authentication or user interaction, and its vector is network-based, making it particularly dangerous.

Impact

An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete data, and under favorable circumstances take full control of the system.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. It is also recommended to restrict access to the admin panel exclusively to trusted IP addresses and to monitor network traffic for unusual HTTP requests directed at administrative endpoints.

Who is affected

Netentsec NS-ASG Firmware and Netentsec NS-ASG version 6.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netentsec Ns Asg

    HW
    Netentsec
    wszystkie wersje
  • Netentsec Ns Asg Firmware

    OS
    Netentsec
    6.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-30868CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via /admin/add_getlogin.php

CVE-2024-30858CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via edit_fire_wall.php

CVE-2024-30867CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30860HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.

CVE-2024-30859HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.