← Back to CVEs

CVE-2023-7308

HIGH

7.5

Description

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published8/27/2025

Last Modified11/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

nsfocusglobal:secgate3600nsfocusglobal:secgate3600_firmware

Weaknesses (CWE)

CWE-306CWE-306

References

https://github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py(disclosure@vulncheck.com)

https://nsfocusglobal.com/products/next-gen-firewall-2/(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/secgate3600-firewall-info-disc(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.