CVE-2020-36908

SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/182969	Third Party Advisory
https://packetstorm.news/files/id/157937	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/48554	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/secure-computing-snapgear-management-console-sg-cross-site-request-forgery-via-admin-users	Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5567.php	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:securecomputing:snapgear_sg560_firmware:3.1.5:*:*:*:*:*:*:*

cpe:2.3:h:securecomputing:snapgear_sg560:-:*:*:*:*:*:*:*

History

23 Feb 2026, 19:00

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/182969 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/182969 - Third Party Advisory
References	~~() https://packetstorm.news/files/id/157937 -~~	() https://packetstorm.news/files/id/157937 - Exploit, Third Party Advisory
References	~~() https://www.exploit-db.com/exploits/48554 -~~	() https://www.exploit-db.com/exploits/48554 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/secure-computing-snapgear-management-console-sg-cross-site-request-forgery-via-admin-users -~~	() https://www.vulncheck.com/advisories/secure-computing-snapgear-management-console-sg-cross-site-request-forgery-via-admin-users - Third Party Advisory
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5567.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5567.php - Exploit, Third Party Advisory
CPE		cpe:2.3:o:securecomputing:snapgear_sg560_firmware:3.1.5:::::::* cpe:2.3:h:securecomputing:snapgear_sg560:-:::::::*
First Time		Securecomputing snapgear Sg560 Firmware Securecomputing snapgear Sg560 Securecomputing

06 Jan 2026, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-06 16:15

Updated : 2026-02-23 19:00

NVD link : CVE-2020-36908

Mitre link : CVE-2020-36908

CVE.ORG link : CVE-2020-36908

JSON object : View

Products Affected

securecomputing

snapgear_sg560_firmware
snapgear_sg560

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

5.3 /10