ZDI-23-1157
Esjay (@esj4y)
Aug 21, 2023

Advantech R-SeeNet device_status Local File Inclusion Privilege Escalation Vulnerability

www.zerodayinitiative.com
advantech r-seenet
local file inclusion
privilege escalation
authentication
php include function

EPSS: 0.004 (Low), percentile 73.9%

This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. Authentication is required to exploit this vulnerability. The specific flaw exists within the device_status page. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.
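
For developers fixing this class of flaw, here is an added example (not Advantech's code and not taken from the advisory) of resolving a request value against an allowlist before it reaches `include`/`require`. The parameter name `view`, the view names and the `views/` directory are hypothetical, since the advisory does not publish them; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: the advisory does not publish R-SeeNet's
// parameter, view names or directory layout.
const VIEW_DIR = __DIR__ . '/views';

// Allowlist: accepted request value => file that ships with the application.
const VIEWS = [
    'summary' => 'summary.php',
    'history' => 'history.php',
];

// The class of flaw the advisory describes is request data flowing into an
// include unchecked, for example (illustrative, shown for contrast only):
//   include VIEW_DIR . '/' . $_GET['view'] . '.php';

/**
 * Map a request value to an includable path, or null if it is not allowed.
 */
function resolve_view(mixed $requested): ?string
{
    // Reject non-strings (e.g. ?view[]=x) and anything that is not an exact
    // allowlist key. The request value never becomes part of the path.
    if (!is_string($requested) || !array_key_exists($requested, VIEWS)) {
        return null;
    }

    // Defence in depth: the resolved file must exist and sit inside VIEW_DIR.
    $base = realpath(VIEW_DIR);
    $path = realpath(VIEW_DIR . '/' . VIEWS[$requested]);
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$path = resolve_view($_GET['view'] ?? null);
if ($path === null) {
    http_response_code(400);
    exit('Unknown view');
}
require $path;
```

Because the advisory's impact is access to resources normally protected from the user, each included file should also enforce its own authorization check instead of relying on the including page.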
