Lucene search
K

CVE-2021-22652

🗓️ 11 Feb 2021 16:06:38Reported by icscertType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 118 Views🌐 WEB

Access to Advantech iView v5.7.03.6112 allows unauthorized changes and code execution

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today
Advantech iView Unauthenticated Remote Code Execution Exploit
23 Mar 202100:00
zdt
ATTACKERKB
CVE-2021-22652
11 Feb 202100:00
attackerkb
Circl
CVE-2021-22652
22 Mar 202121:08
circl
CNNVD
Advantech Iview 访问控制错误漏洞
9 Feb 202100:00
cnnvd
CNVD
Advantech iView Critical Functions Lack Authentication Vulnerability
10 Feb 202100:00
cnvd
Check Point Advisories
Advantech iView Remote Code Execution (CVE-2021-22652)
11 Apr 202100:00
checkpoint_advisories
Cvelist
CVE-2021-22652
11 Feb 202116:06
cvelist
ICS
Advantech iView
9 Feb 202100:00
ics
Metasploit
Advantech iView Unauthenticated Remote Code Execution
23 Mar 202117:42
metasploit
NVD
CVE-2021-22652
11 Feb 202118:15
nvd
Rows per page
NVD
Vulners
Node
advantechiviewRange<5.7.03.6112
[
  {
    "product": "Advantech iView",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "iView versions prior to v5.7.03.6112"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
page_action_typerequest body/iView3/MenuServletUnauthenticated access to retrieve version fragment and facilitate configuration change leading to RCE.CWE-306
pagerequest body/iView3/MenuServletUnauthenticated access to retrieve version fragment and facilitate configuration change leading to RCE.CWE-306
page_action_typerequest body/iView3/NetworkServletRetrieve system settings without authentication to identify exploitable config state.CWE-306
retrieveSystemSettingsrequest body/iView3/NetworkServletRetrieve system settings without authentication to identify exploitable config state.CWE-306
page_action_typerequest body/iView3/NetworkServletUpdate system settings to enable export path manipulation enabling file write.CWE-306
updateSystemSettingsrequest body/iView3/NetworkServletUpdate system settings to enable export path manipulation enabling file write.CWE-306
json_objrequest body/iView3/NetworkServletUpdate system settings to enable export path manipulation enabling file write.CWE-306
jsp_paramrequest body/iView3/<generated_jsp_filename>.jspPOST to dynamically created JSP to execute command via parameter injection.CWE-306

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 03:37Current
9.4High risk
Vulners AI Score9.4
CVSS 27.5
CVSS 3.19.8
EPSS0.36845
118