177 matches found
CVE-2021-21805
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...
CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21800
Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a craft...
CVE-2021-21802
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
CVE-2021-21912
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...
CVE-2021-21799
Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a...
CVE-2022-3385
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution...
CVE-2022-3386
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution...
VulnCheck KEV: CVE-2021-21805
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...
Advantech R-SeeNet Information Disclosure Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech, China. An information disclosure vulnerability exists in Advantech R-SeeNet, which can be exploited by an attacker to obtain login credentials and the default SNMP group string from the snmpmon.ini file and use this informati...
The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the lack of protection for operational data. This allows a hacker to gain access to the database by reading and writing data in the snmpmon.ini file.
The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the database by reading and writing data ...
CVE-2023-5642 Advantech R-SeeNet Unauthenticated Read/Write
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information...
Advantech R-SeeNet 安全漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech, China. An information disclosure vulnerability exists in Advantech R-SeeNet, which can be exploited by an attacker to obtain login credentials and the default SNMP group string from the snmpmon.ini file and use this informati...
Advantech R-SeeNet Use Of Hard-Coded Credentials Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the database. The issue results from the existence of an addition...
Advantech R-SeeNet device_status Local File Inclusion Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. Authentication is required to exploit this vulnerability. The specific flaw exists within the devicestatus page. The issue results from the lack of proper validation of user-supplied...
The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers allows a intruder to gain unauthorized access to local files.
The vulnerability of the monitoring software for the functions and status of Advantech R-SeeNet routers is related to improper external manipulation of the file name or file path. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to local...
Advantech R-SeeNet Trust Management Issue Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech, China. A security vulnerability exists in Advantech R-SeeNet, which can be exploited by an authenticated, remote attacker to submit a special request for unauthorized access to the system...
The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the possibility of using strictly encrypted login data, which allows a hacker to gain increased privileges.
The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the possibility of using strictly encrypted login data. Exploiting this vulnerability could allow a malicious actor to gain increased privileges...
CVE-2023-3256
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files...
CVE-2023-2611
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users...