PT-2026-1444 · Unknown · Snapgear Management Console

Published: 2026-01-06 · Updated: 2026-01-06 · CVE-2020-36909

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SnapGear Management Console version 3.1.5

Description: The SnapGear Management Console contains a file manipulation issue that allows authenticated users to read, write, and delete files. The issue is related to the edit config files CGI script. Attackers can manipulate POST request parameters in the /cgi-bin/cgix/edit config files API endpoint to access and modify files outside the expected /etc/config/ directory.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the edit config files CGI script.
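
The kind of server-side check whose absence produces this class of issue, shown as an added example (not the vendor's code or fix, which this entry does not describe): canonicalize the requested file name and refuse anything that does not resolve inside /etc/config/. The function names `resolve_config_path` and `is_allowed` are hypothetical.

```python
import os

CONFIG_ROOT = "/etc/config"  # the expected directory named in the description


def resolve_config_path(name, root=CONFIG_ROOT):
    """Return the canonical path of `name` under `root`, or raise ValueError.

    `name` stands for the file name taken from a request parameter
    (assumption: the handler receives it as a plain string).
    """
    if not name or "\x00" in name:
        raise ValueError("empty name or NUL byte")
    if os.path.isabs(name):
        raise ValueError("absolute paths are not accepted")

    # Resolve symlinks and ".." in both the root and the candidate, so the
    # comparison is made on the paths the kernel would actually open.
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))

    # commonpath compares whole path components, so "/etc/config-old"
    # is not mistaken for something inside "/etc/config".
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes the config directory")
    if candidate == root_real:
        raise ValueError("name refers to the directory itself")
    return candidate


def is_allowed(name, root=CONFIG_ROOT):
    """Boolean wrapper used by read, write and delete handlers alike."""
    try:
        resolve_config_path(name, root)
        return True
    except ValueError:
        return False
```

The handler should open the canonical path returned by `resolve_config_path`, not the original parameter, and apply the same check to read, write and delete operations.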

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2020-36909

Affected Products: Snapgear Management Console