The installed version of Advantech WebAccess is prior to 8.3.5 and is affected by the following vulnerabilities :
- Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. (CVE-2019-6552)
- Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. (CVE-2019-6550)
- An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. (CVE-2019-6554)