Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advantech iView < v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure
Vulnerability Description
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Advantech iView 安全漏洞
Vulnerability Description
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView v5.7.04 build 6425之前版本存在安全漏洞,该漏洞源于SNMP管理工具中未正确验证身份验证,且对NetworkServlet端点中参数data的错误操作,可能导致SQL注入攻击和数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A