CRITICAL🇵🇱 Wersja polska

CVE-2024-30868

CVSS 9.8v3.1pub. 2024-04-01upd. 2025-04-04

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.

🤖 AI Analysis
How it works

SQL Injection vulnerability (CWE-94) occurs in the /admin/add_getlogin.php script. An attacker can submit a crafted HTTP request containing malicious SQL code that is executed directly by the database engine without proper validation or parameterization of input data. No privileges or user interaction are required, meaning the attack can be performed remotely by any person with network access to the device.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete data, and under favorable conditions take full control of the system — resulting in breach of confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the manufacturer according to references. As a temporary measure, it is recommended to restrict network access to the administration panel only from trusted IP addresses and place the administration interface behind a firewall or in an isolated management network.

Who is affected

Netentsec NS-ASG version 6.3 (device firmware and software)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netentsec Ns Asg

    HW
    Netentsec
    wszystkie wersje
  • Netentsec Ns Asg Firmware

    OS
    Netentsec
    6.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-30867CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30858CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via edit_fire_wall.php

CVE-2024-30865CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30860HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.

CVE-2024-30859HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.