CVE-2020-36909

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/182960	Third Party Advisory
https://packetstorm.news/files/id/157939	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/48556	Exploit Third Party Advisory VDB Entry
https://www.vulncheck.com/advisories/secure-computing-snapgear-management-console-sg-arbitrary-file-readwrite	Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5568.php	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:securecomputing:snapgear_sg560_firmware:3.1.5:*:*:*:*:*:*:*

cpe:2.3:h:securecomputing:snapgear_sg560:-:*:*:*:*:*:*:*

History

23 Feb 2026, 18:59

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/182960 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/182960 - Third Party Advisory
References	~~() https://packetstorm.news/files/id/157939 -~~	() https://packetstorm.news/files/id/157939 - Exploit, Third Party Advisory
References	~~() https://www.exploit-db.com/exploits/48556 -~~	() https://www.exploit-db.com/exploits/48556 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.vulncheck.com/advisories/secure-computing-snapgear-management-console-sg-arbitrary-file-readwrite -~~	() https://www.vulncheck.com/advisories/secure-computing-snapgear-management-console-sg-arbitrary-file-readwrite - Third Party Advisory
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5568.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5568.php - Exploit, Third Party Advisory
CPE		cpe:2.3:o:securecomputing:snapgear_sg560_firmware:3.1.5:::::::* cpe:2.3:h:securecomputing:snapgear_sg560:-:::::::*
First Time		Securecomputing snapgear Sg560 Firmware Securecomputing snapgear Sg560 Securecomputing

06 Jan 2026, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-06 16:15

Updated : 2026-02-23 18:59

NVD link : CVE-2020-36909

Mitre link : CVE-2020-36909

CVE.ORG link : CVE-2020-36909

JSON object : View

Products Affected

securecomputing

snapgear_sg560_firmware
snapgear_sg560

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10