Filtered by vendor Advantech Subscriptions
Total 317 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-52335 1 Advantech 1 Iview 2024-12-05 N/A
Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863.
CVE-2024-50367 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50362 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "connection_profile_apply" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50361 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50363 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50364 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "export_log" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50365 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50359 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "scan_ap" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50360 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "snmp_apply" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50366 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 7.2 High
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands.
CVE-2024-50371 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 9.8 Critical
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
CVE-2024-50372 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 9.8 Critical
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation.
CVE-2024-50373 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 9.8 Critical
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "restore_config_from_utility" operation.
CVE-2024-50374 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 9.8 Critical
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "capture_packages" operation.
CVE-2024-50375 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 9.8 Critical
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point.
CVE-2024-50377 1 Advantech 3 Eki-6333ac-1gpo Firmware, Eki-6333ac-2g Firmware, Eki-6333ac-2gd Firmware 2024-11-26 6.5 Medium
A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.
CVE-2023-5642 1 Advantech 1 R-seenet 2024-11-21 9.8 Critical
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
CVE-2023-4215 1 Advantech 1 Webaccess 2024-11-21 6.5 Medium
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
CVE-2023-4203 1 Advantech 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more 2024-11-21 9 Critical
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
CVE-2023-4202 1 Advantech 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more 2024-11-21 9 Critical
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.