CVE-2021-21917

An exploitable SQL injection vulnerability exist in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or...

CVE-2021-21915

An exploitable SQL injection vulnerability exist in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request at ‘companyfilter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticate...

CVE-2021-21915

Advantech R-SeeNet (2.4.15, affected) contains SQL injection vulnerabilities in the group_list flow, notably via the company_filter parameter (and related filters like description_filter, ord). The issues arise from improper handling of user-supplied session-based filters that are used to assembl...

CVE-2021-21912

Advantech R-SeeNet for Windows (Version 2.4.15) has a privilege escalation vulnerability (CVE-2021-21912) allowing an authenticated user to replace specific executable files in C:\R-SeeNet and related services to gain NT SYSTEM privileges. The TALOS report details multiple components (mysqld.exe,...

CVE-2021-21912

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...

CVE-2021-21911

Advantech R-SeeNet on Windows is affected by CVE-2021-21911 (Privilege escalation via SnmpMonSvs service executable) affecting 2.4.15. The vulnerability is caused by insufficient protection of the C:\R-SeeNet installation files, allowing an authenticated user to replace the SnmpMonSvs service bin...

CVE-2021-21911

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...

CVE-2021-21910

CVE-2021-21910 affects Advantech R-SeeNet on Windows (2.4.15). The vulnerability arises from improper default permissions allowing an authenticated user to replace certain executables (e.g., mysql service, SnmpMonSvs, Apache2.2) in C:\R-SeeNet and trigger privilege escalation to NT SYSTEM when th...

CVE-2021-21910

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...

The vulnerability of the prod_filter parameter in the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the prodfilter parameter in the “devicelist” component of the Advantech R-SeeNet monitoring software relates to the improper handling of the prodfilter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending special...

The vulnerability of the host_alt_filter2 parameter in the device_list.php script of the Advantech R-SeeNet router monitoring software allows a hacker to disclose protected information.

The vulnerability of the hostaltfilter2 parameter in the devicelist.php script of the Advantech R-SeeNet monitoring software relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially...

The vulnerability of the imei_filter parameter in the device_list.php file of the monitoring software for Advantech R-SeeNet’s router functions allows a hacker to disclose protected information.

The vulnerability of the imeifilter parameter in the devicelist.php script of the Advantech R-SeeNet monitoring software relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially...

The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the “devicelist” component of the monitoring software for Advantech R-SeeNet routers involves incorrect processing of the macfilter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending specially crafted SQL queri...

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: SQL Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow authenticated users to perform a local privilege...

The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the “devicelist” component of the monitoring software for Advantech R-SeeNet routers involves incorrect processing of the esnfilter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending specially crafted SQL queri...

The vulnerability of the surname_filter parameter in the user_list.php script of the Advantech R-SeeNet monitoring software allows a hacker to disclose protected information.

The vulnerability of the surnamefilter parameter in the userlist.php script of the Advantech R-SeeNet monitoring software relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially...

The vulnerability of the username_filter parameter in the user_list.php script of the Advantech R-SeeNet monitoring software allows a hacker to disclose protected information.

The vulnerability of the usernamefilter parameter in the userlist.php script of the Advantech R-SeeNet monitoring software relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially...

The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the “devicelist” component of the monitoring software for Advantech R-SeeNet routers involves incorrect processing of the descfilter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending specially crafted SQL...

The vulnerability in the implementation of the executable file C:\R-SeeNet\apache\bin\httpd.exe, a monitoring software for routers of the Advantech R-SeeNet series, allows a perpetrator to gain elevated privileges.

The vulnerability of the executable file C:\R-SeeNet\apache\bin\httpd.exe, which is used by the monitoring software for routers of the Advantech R-SeeNet family, is related to deficiencies in access control to the C:\R-SeeNet directory. Exploiting this vulnerability could allow an attacker to...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93820)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanup of...