### Critical Vulnerability Information #### Vulnerability Name Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE #### Severity - **Critical** #### Release Date - November 6, 2025 #### Affected Versions - iView < 5.7.04 build 6425 #### CVE - CVE-2022-50592 #### CWE - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CWE-306: Missing Authentication for Critical Function #### CVSS Score - 9.3 #### CVSS V4 Vector - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N #### Vulnerability Description Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows remote attackers to bypass authentication checks and exploit a SQL injection vulnerability in the 'getInventoryReportData' parameter of the 'NetworkServlet' endpoint. Successful exploitation enables remote code execution with administrator privileges. #### Reference Links - [Advantech iView Release Notes](#) - [Exodus Intelligence Disclosure](#)