Wangshen SecGate 3600 g=obj_area_export_save path traversal

A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对路径名的限制不恰当(路径遍历)

Wangshen SecGate 路径遍历漏洞

Wangshen SecGate是中国网神（Wangshen）公司的一系列千兆防火墙。 Wangshen SecGate 3600存在路径遍历漏洞，该漏洞源于对文件?g=obj_area_export_save中参数file_name的错误操作导致路径遍历。

N/A

N/A