CVE-2025-34244

The CVE refers to Advantech WebAccess/VPN versions prior to 1.1.5, where AjaxFwRulesController.ajaxDeviceFwRulesAction() contains an SQL injection flaw. Multiple connected sources (CNVD, RH Red Hat CVE view, PT-SECURITY advisory, CNNVD, etc.) describe an authenticated, low-privilege observer abil...