Unrestricted File Upload Vulnerability in Wangshen SecGate 3600
CVE-2024-3444

4.7MEDIUM

Key Information:

Vendor

Wangshen

Status
Secgate 3600
Vendor
CVE Published:
8 April 2024

Badges

👾 Exploit Exists

What is CVE-2024-3444?

A significant security vulnerability has been discovered in the Wangshen SecGate 3600 firewall, specifically within the file processing endpoint /?g=net_pro_keyword_import_save. This vulnerability enables unauthorized users to upload arbitrary files by exploiting the manipulation of the 'reqfile' parameter. Due to its nature, the attack can be executed remotely, posing a serious threat to the integrity and confidentiality of systems leveraging this product. Security professionals and users of Wangshen SecGate 3600 are urged to review their systems for this vulnerability and implement necessary security measures.

Affected Version(s)

SecGate 3600 20240408

References

https://vuldb.com/?id.259701
vdb-entrytechnical-description
https://vuldb.com/?ctiid.259701
signaturepermissions-required
https://vuldb.com/?submit.312293
third-party-advisory

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

H0e4a0r1t (VulDB User)
.
CVE-2024-3444 : Unrestricted File Upload Vulnerability in Wangshen SecGate 3600