WebAccess/VPN — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in WebAccess/VPN, with AI-generated Chinese analysis, references, and POCs.

Vendor: Advantech

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-34247	Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34246	Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34245	Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34244	Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34243	Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxNetworkFwRulesAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34242	Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34241	Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxDeviceController.ajaxDeviceAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34240	Advantech WebAccess/VPN < 1.1.5 SQL Injection via AppManagementController.appUpgradeAction() CWE-89	6.5	-	2025-11-06
CVE-2025-34239	Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction() CWE-78	7.2	-	2025-11-06
CVE-2025-34238	Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() CWE-22	4.9	-	2025-11-06
CVE-2025-34237	Advantech WebAccess/VPN < 1.1.5 Stored XSS via StandaloneVpnClientsController.addStandaloneVpnClientAction() CWE-79	5.4	-	2025-11-06
CVE-2025-34236	Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction() CWE-79	5.4	-	2025-11-06

All 12 known CVE vulnerabilities affecting WebAccess/VPN with full Chinese analysis, references, and POCs where available.