Browse all 18 CVE security advisories affecting Sangfor. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sangfor develops cybersecurity solutions including cloud, network, and endpoint security platforms. Historically, their products have faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting, and privilege escalation. The company has recorded 18 CVEs, with several critical flaws allowing unauthorized system access. Notable incidents include authentication bypass vulnerabilities in their NGAF and endpoint protection products that could enable complete compromise. While Sangfor continues to address security issues, their historical vulnerability patterns highlight risks in web management interfaces and authentication mechanisms that require ongoing patch management and hardening.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-30806 | Sangfor Next-Gen Application Firewall PHPSESSID Command Injection — Net-Gen Application Firewall (CWE-78) | 9.8 | Critical | 2023-10-10 |
| CVE-2023-30805 | Sangfor Next-Gen Application Firewall Login Un Param Command Injection — Net-Gen Application Firewall (CWE-78) | 9.8 | Critical | 2023-10-10 |
| CVE-2023-30804 | Sangfor Next-Gen Application Firewall Authenticated File Disclosure — Net-Gen Application Firewall (CWE-200) | 4.9 | Medium | 2023-10-10 |
| CVE-2023-30803 | Sangfor Next-Gen Application Firewall Authentication Bypass — Net-Gen Application Firewall (CWE-290) | 9.8 | Critical | 2023-10-10 |
| CVE-2023-30802 | Sangfor Next-Gen Application Firewall Source Code Disclosure — Net-Gen Application Firewall (CWE-540) | 5.3 | Medium | 2023-10-10 |
This page lists every published CVE security advisory associated with Sangfor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.