CVE-2024-2330

MEDIUM EXPLOITED NUCLEI

NS-ASG Application Security Gateway 6.3 - Sql Injection

Title source: nuclei

Exploitation Summary

CVE-2024-2330 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Nuclei Templates (1)

NS-ASG Application Security Gateway 6.3 - Sql Injection

MEDIUMby s4e-io

Shodan: http.title:“NS-ASG”

FOFA: app="网康科技-NS-ASG安全网关"

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.256281

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.256281

Exploit exploit

https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.1776

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

VulnCheck KEV 2024-09-26

CWE

CWE-89

Status published

Products (1)

netentsec/application_security_gateway 6.3

Published Mar 09, 2024

Tracked Since Feb 18, 2026