Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-4767— Improper Access Control in TR7's WAF-ASP

CVSS 9.8 · Critical EPSS 0.33% · P25

Possible ATT&CK Techniques 1AI

T1136 · Create Account

Affected Version Matrix 1

VendorProductVersion RangeStatus
TR7 Cyber ​​Defense Inc.WAF-ASPv1.0.324.900< v1.4.0.117affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-4767

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper Access Control in TR7's WAF-ASP
Source: NVD (National Vulnerability Database)
Vulnerability Description
Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
TR7 WAF-ASP 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TR7 WAF-ASP是TR7个人开发者的一款Web应用防火墙软件。 TR7 WAF-ASP v1.0.324.900版本至v1.4.0.117之前版本存在授权问题漏洞,该漏洞源于缺少关键功能身份验证,可能导致身份验证滥用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
TR7 Cyber ​​Defense Inc.WAF-ASP v1.0.324.900 ~ v1.4.0.117 -

II. Public POCs for CVE-2026-4767

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-4767

登录查看更多情报信息。

Vendor Advisories for CVE-2026-4767 (1)

Same Patch Batch · TR7 Cyber ​​Defense Inc. · 2026-07-02 · 3 CVEs total

CVE-2026-47725.4 MEDIUMStored XSS in TR7's WAF-ASP
CVE-2026-47704.6 MEDIUMDOM-Based XSS in TR7's WAF-ASP

IV. Related Vulnerabilities

V. Comments for CVE-2026-4767

No comments yet


Leave a comment