Advantech SUSIAccess Server UpgradeMgmt upload Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech SUSIAccess Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UpgradeMgmt servlet upload function. The issue lies in t...

Advantech SUSIAccess Server Static Encryption Key Privilege Escalation Vulnerability

This vulnerability allows attackers to escalate privileges on vulnerable installations of Advantech SUSIAccess Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within encryption and storage of the administrator password. The password is stored in a...

Advantech SUSIAccess Server downloadCSV file Parameter Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech SUSIAccess Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of downloadCSV.jsp. When parsing the file element, the...

Advantech SUSIAccess Server Local Elevation of Privilege Vulnerability

SUSIAccess is an easy-to-use remote device management software solution. A local elevation of privilege vulnerability exists in Advantech SUSIAccess Server. Since the admin password is stored on the system and encrypted using a hard-coded static key in the program. An attacker can exploit the...

Advantech SUSIAccess Server Directory Traversal Vulnerability

SUSIAccess is an easy-to-use remote device management software solution. A directory traversal vulnerability exists in Advantech SUSIAccess Server. An attacker can exploit the vulnerability to traverse files or upload and decompress zip files...