Unrated severity · NVD Advisory · Published Aug 27, 2025 · Updated Nov 28, 2025
SecGate3600 Firewall Information Disclosure via authManageSet.cgi
CVE-2023-7308
Description
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component does not enforce authentication checks on POST requests that retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. The affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.
Affected products
- NSFOCUS/SecGate3600 Firewall · v5 · Range: *
Patches
No patches discovered yet.
References
- github.com/jjjj1029056414/selfpoc/blob/main/wangshen-SecGate3600-information-leakage.py (mitre, exploit)
- www.vulncheck.com/advisories/secgate3600-firewall-info-disc (mitre, third-party-advisory)
- nsfocusglobal.com/products/next-gen-firewall-2/ (mitre, product)