The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

🗓️ 09 Dec 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Advantech R-SeeNet device_list flaw enables remote XSS via name_filter handling and crafted SQL.

Reporter	Title	Published	Views	Family All 10
CNNVD	Advantech R-SeeNet SQL注入漏洞	22 Nov 202100:00	–	cnnvd
CNVD	Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93831)	25 Nov 202100:00	–	cnvd
CVE	CVE-2021-21932	22 Dec 202118:07	–	cve
Cvelist	CVE-2021-21932	22 Dec 202118:07	–	cvelist
EUVD	EUVD-2021-9103	3 Oct 202520:07	–	euvd
ICS	Advantech R-SeeNet	14 Dec 202100:00	–	ics
NVD	CVE-2021-21932	22 Dec 202119:15	–	nvd
OSV	CVE-2021-21932	22 Dec 202119:15	–	osv
Prion	Cross site request forgery (csrf)	22 Dec 202119:15	–	prion
RedhatCVE	CVE-2021-21932	22 May 202519:12	–	redhatcve

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2021-1366
securitylab	www.securitylab.ru/vulnerability/526790.php
safe-surf	www.safe-surf.ru/upload/VULN/VULN-20211124.3.pdf
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021112314
web	www.web.nvd.nist.gov/view/vuln/detail
talosintelligence	www.talosintelligence.com/reports/TALOS-2021-1366

09 Dec 2021 00:00Current

CVSS 37.7

CVSS 27.8

EPSS0.01547

device list flaw advantech router r see net cross site scripting name filter handling crafted structured queries