CRITICAL🇵🇱 Wersja polska

CVE-2024-30867

CVSS 9.8v3.1pub. 2024-04-01upd. 2025-04-04

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php.

🤖 AI Analysis
How it works

An attacker sends a crafted HTTP request to the /admin/edit_virtual_site_info.php endpoint, injecting malicious SQL code into input parameters that are not properly validated or parameterized. This allows manipulation of queries directed to the device's database. The lack of authentication requirement (PR:N, UI:N) makes it possible for the attack to be performed remotely without prior access to the system.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete configuration data, and depending on the database server permissions — potentially take control of the device.

Mitigation & patch

Apply patches available from the manufacturer according to the references. As a temporary workaround, it is recommended to restrict network access to the admin panel exclusively to trusted IP addresses and implement firewall rules blocking access to the /admin/ interface from external networks.

Who is affected

Netentsec NS-ASG version 6.3 (firmware and application).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netentsec Ns Asg

    HW
    Netentsec
    wszystkie wersje
  • Netentsec Ns Asg Firmware

    OS
    Netentsec
    6.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-30868CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via /admin/add_getlogin.php

CVE-2024-30858CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via edit_fire_wall.php

CVE-2024-30865CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30860HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.

CVE-2024-30859HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.