Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAdvantech Iview
APPAdvantech< 5.7.04.6425
Related vulnerabilities
Advantech iView – Auth Bypass + SQL Injection prowadzące do RCE
Advantech iView – Auth Bypass i SQL Injection prowadzące do RCE
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remot...
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker ...
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which m...