Webaccess Nms
CVE-2020-10623
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
AnalysisAI
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Affected products include: Advantech Webaccess\/Nms. Version information: prior to 3.0.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Webaccess Nms
View allAn attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. Rated criti
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Rated
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) cont
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versio
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Rated high severity (CVSS 7.5), this vulnerability
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today