CVE-2023-7308 HIGH

CVE-2023-7308: SecGate3600 Firewall Information Disclosure via authManageSet.cgi

Vendor Nsfocus
Product SecGate3600 Firewall
Weakness CWE-306 · Missing auth
Published August 27, 2025
Last update November 28, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.

Key dates

02Disclosure timeline

August 27, 2025 CVE published
November 28, 2025 Record updated