PT-2026-1443 · Unknown · Snapgear Management Console
Published
2026-01-06
·
Updated
2026-02-23
·
CVE-2020-36908
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SnapGear Management Console version 3.1.5
Description
The SnapGear Management Console contains a cross-site request forgery condition. An attacker can leverage this to perform administrative actions without the user’s knowledge or consent. Specifically, an attacker can create a malicious web page that, when visited by a logged-in user, automatically submits a form to create a new super user account with full administrative privileges. The vulnerable functionality involves the creation of a super user account.
Recommendations
Apply updates to address the cross-site request forgery condition in version 3.1.5.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snapgear Management Console