CVE-2020-36908
Unknown Unknown - Not Provided
CSRF in SnapGear SG560 3.1.5 Enables Admin Account Creation

Publication date: 2026-01-06

Last updated on: 2026-02-23

Assigner: VulnCheck

Description
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36908
EUVD
EUVD-2026-1027
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
securecomputing snapgear_sg560_firmware 3.1.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in SnapGear Management Console SG560 version 3.1.5u1. It allows an attacker to trick a logged-in administrative user into visiting a malicious web page that automatically submits a hidden form. This form creates a new super user account with full administrative privileges without the user's consent, exploiting the system's failure to validate the legitimacy of administrative HTTP requests. [1, 2, 3]

Impact Analysis

The vulnerability can lead to unauthorized privilege escalation by allowing attackers to add a new superuser account with full administrative rights. This compromises the security of the SnapGear appliance, potentially giving attackers full control over the device, which can lead to further attacks, data breaches, or disruption of network security functions. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring HTTP POST requests to the administrative endpoint /cgi-bin/cgix/adminusers that attempt to create new super user accounts without proper authorization. Specifically, look for POST requests containing parameters such as login name, full name, password, and access control flags (acl.login, acl.admin, acl.diags, acl.saverestore, acl.setpassword) all set to "on". Network traffic analysis tools or web server logs can be used to identify such suspicious requests. Commands like 'tcpdump' or 'Wireshark' can capture HTTP traffic, and 'grep' can be used on web server logs to search for POST requests to /cgi-bin/cgix/adminusers with these parameters. For example, a command to search Apache logs might be: grep "/cgi-bin/cgix/adminusers" /var/log/apache2/access.log | grep POST [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the SnapGear Management Console SG560 administrative interface to trusted networks or IP addresses, implementing CSRF protections such as tokens to validate legitimate requests, and educating users to avoid visiting untrusted or suspicious websites while logged into the management console. Additionally, monitoring for unauthorized creation of super user accounts and applying any available patches or updates from the vendor is recommended. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36908. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart