CVE-2022-2136

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.

CVE-2022-2138

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

CVE-2022-2142

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.

CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

CVE-2025-52577

A vulnerability exists in Advantech iView that could allow SQL injectionand remote code execution through NetworkServlet.archiveTrapRange().This issue requires an authenticated attacker with at least user-levelprivileges. Certain input parameters are not properly sanitized,allowing an attacker to p...

CVE-2025-53475

A vulnerability exists in Advantech iView that could allow for SQLinjection and remote code execution throughNetworkServlet.getNextTrapPage(). This issue requires an authenticatedattacker with at least user-level privileges. Certain parameters in thisfunction are not properly sanitized, allowing an...