Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE
Vulnerability Description
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Advantech iView 安全漏洞
Vulnerability Description
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView v5.7.04 build 6425之前版本存在安全漏洞,该漏洞源于SNMP管理工具中存在身份验证绕过问题,可能导致远程攻击者利用NetworkServlet端点中search_term参数进行SQL注入攻击,进而实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A