Unrated severityNVD Advisory· Published Oct 10, 2023· Updated Nov 28, 2025
Sangfor Next-Gen Application Firewall Authenticated File Disclosure
CVE-2023-30804
Description
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= NGAF8.0.17+ 1 more
- (no CPE)range: = NGAF8.0.17
- (no CPE)range: 8.0.17
Patches
Vulnerability mechanics
References
3- labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/mitrethird-party-advisoryexploittechnical-description
- vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosuremitrethird-party-advisory
- aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4mitreproduct
News mentions
0No linked articles in our index yet.