Filtered by vendor Advantech
Subscribe
Total
337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34245 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34247 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34246 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34244 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34243 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34242 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34241 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34240 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 6.5 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | |||||
| CVE-2025-34236 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 5.4 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2025-34237 | 1 Advantech | 1 Webaccess\/vpn | 2025-11-28 | N/A | 5.4 MEDIUM |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2022-50591 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 9.8 CRITICAL |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords. | |||||
| CVE-2022-50592 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 7.2 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | |||||
| CVE-2022-50594 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 7.5 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords. | |||||
| CVE-2022-50595 | 1 Advantech | 1 Iview | 2025-11-24 | N/A | 7.2 HIGH |
| Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | |||||
| CVE-2025-58423 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-21 | N/A | 8.8 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. | |||||
| CVE-2025-64302 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 6.4 MEDIUM |
| Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation. | |||||
| CVE-2025-62630 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 8.8 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | |||||
| CVE-2025-59171 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 7.5 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | |||||
| CVE-2014-2368 | 1 Advantech | 1 Advantech Webaccess | 2025-10-06 | 7.5 HIGH | N/A |
| The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||
| CVE-2014-2367 | 1 Advantech | 1 Advantech Webaccess | 2025-10-06 | 7.5 HIGH | N/A |
| The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||||