Advantech/B+B SmartWorx VESP211-EU and VESP211-232 Arbitrary Command Execution Vulnerability

The Advantech/B+B SmartWorx VESP211-EU and VESP211-232 are both Advantech China interfaces for connecting serial devices to Ethernet. An arbitrary command execution vulnerability exists in the Advantech/B+B SmartWorx VESP211-EU and VESP211-232, which could allow a remote attacker to perform...

CVE-2016-2275

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

Improper access control

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code...

CVE-2016-2275

CVE-2016-2275 affects Advantech/B+B SmartWorx VESP211-EU (firmware 1.7.2) and VESP211-232 (firmware 1.5.1 and 1.7.2). The web interface relies on client-side authentication, permitting remote attackers to perform administrative actions by modifying JavaScript. Exposure is via network-accessible w...