
Description

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.

PUBLISHED Reserved 2026-01-03 | Published 2026-01-06 | Updated 2026-01-06 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
MEDIUM: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

3.1.5 (affected)

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

References

www.exploit-db.com/exploits/48556 (ExploitDB-48556) exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5568.php (Zero Science Lab Disclosure (ZSL-2020-5568)) third-party-advisory

packetstorm.news/files/id/157939 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/182960 (IBM X-Force Vulnerability Exchange) vdb-entry

www.vulncheck.com/...ent-console-sg-arbitrary-file-readwrite (VulnCheck Advisory: Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read/Write) third-party-advisory

cve.org (CVE-2020-36909)

nvd.nist.gov (CVE-2020-36909)
