Lucene search
RgodZDI-20-1262HistoryOct 19, 2020 - 12:00 a.m.
Advantech R-SeeNet device_position device_id SQL Injection Information Disclosure Vulnerability
2020-10-1900:00:00
rgod
www.zerodayinitiative.com
21
advantech r-seenet
sql injection
information disclosure
remote attackers
authentication
device position
device id
vulnerability
stored credentials
compromise
EPSS
0.002
Percentile
61.5%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within device_position.php. When parsing the device_id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Related
cvelist
cvelist
CVE-2020-25157
2020-10-20 21:40:26
checkpoint_advisories
checkpoint_advisories
Advantech R-SeeNet SQL Injection (CVE-2020-25157)
2020-12-22 00:00:00
prion
prion
Sql injection
2020-10-20 22:15:00
nvd
nvd
CVE-2020-25157
2020-10-20 22:15:43
cve
cve
CVE-2020-25157
2020-10-20 22:15:43
ics
ics
Advantech R-SeeNet
2020-10-15 12:00:00