Skip to main content

Iview

37 CVEs product

Monthly

CVE-2022-50595 CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2022-50594 HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2022-50593 CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2022-50592 CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2022-50591 HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-53519 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53515 HIGH PATCH This Week

A remote code execution vulnerability in Advantech iView that allows for SQL injection and remote code execution (CVSS 8.8) that allows for sql injection and remote code execution. High severity vulnerability requiring prompt remediation.

RCE SQLi Authentication Bypass Iview
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-53509 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials.

Information Disclosure Iview
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53475 HIGH PATCH This Week

CVE-2025-53475 is a SQL injection vulnerability in Advantech iView's NetworkServlet.getNextTrapPage() function that allows authenticated users to execute arbitrary SQL queries and potentially achieve remote code execution within the context of the 'nt authority\local service' account. The vulnerability requires valid user-level credentials but has a high CVSS score of 8.8 due to the combination of high confidentiality, integrity, and availability impact. No KEV or active exploitation data is provided, but the authenticated requirement and network accessibility make this a moderate-to-high priority for organizations deploying Advantech iView.

RCE SQLi Iview
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-53397 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52577 HIGH PATCH This Week

CVE-2025-52577 is a SQL injection vulnerability in Advantech iView's NetworkServlet.archiveTrapRange() method that allows authenticated users to execute arbitrary SQL queries and potentially achieve remote code execution (RCE) within the LocalService account context. The vulnerability affects Advantech iView and requires user-level authentication, making it a post-authentication attack vector with high severity (CVSS 8.8). While no public POC or KEV status confirmation is available in provided data, the combination of SQL injection leading to RCE on a privileged service account represents significant risk for organizations deploying this network management solution.

RCE SQLi Iview
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-48891 HIGH PATCH This Week

CVE-2025-48891 is a SQL injection vulnerability in Advantech iView's CUtils.checkSQLInjection() function that fails to properly sanitize user input, allowing authenticated attackers with user-level privileges to execute arbitrary SQL queries. This can lead to unauthorized information disclosure or denial-of-service conditions. The vulnerability requires network access and user authentication but has no UI interaction requirement, making it a significant risk for organizations using iView in multi-user environments.

Code Injection Iview
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-46704 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary files on the server.

Path Traversal Iview
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-41442 MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-3983 HIGH POC THREAT This Week

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iview
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2023-33335 MEDIUM This Month

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Iview
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3323 HIGH POC THREAT This Week

An SQL injection vulnerability in Advantech iView 5.7.04.6469. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
30.7%
CVE-2022-2143 CRITICAL POC THREAT Emergency

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iview
NVD
CVSS 3.1
9.8
EPSS
59.2%
CVE-2022-2142 MEDIUM This Month

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2022-2139 CRITICAL Act Now

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2022-2138 HIGH This Week

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Information Disclosure Iview
NVD
CVSS 3.1
7.5
EPSS
10.9%
CVE-2022-2137 MEDIUM This Month

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-2136 MEDIUM This Month

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
6.5
EPSS
9.0%
CVE-2022-2135 HIGH This Week

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
10.1%
CVE-2021-32932 HIGH This Week

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-32930 CRITICAL Act Now

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2021-22658 CRITICAL Act Now

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2021-22656 HIGH This Week

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-22654 HIGH This Week

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
11.8%
CVE-2021-22652 CRITICAL POC THREAT Emergency

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
36.8%
CVE-2020-16245 CRITICAL Act Now

Advantech iView, Versions 5.7 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
7.7%
CVE-2020-14503 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Iview
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-14501 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-14499 HIGH This Week

Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iview
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-14507 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-14505 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iview
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2020-14497 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
9.8
EPSS
4.9%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability in Advantech iView that allows for SQL injection and remote code execution (CVSS 8.8) that allows for sql injection and remote code execution. High severity vulnerability requiring prompt remediation.

RCE SQLi Authentication Bypass +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials.

Information Disclosure Iview
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

CVE-2025-53475 is a SQL injection vulnerability in Advantech iView's NetworkServlet.getNextTrapPage() function that allows authenticated users to execute arbitrary SQL queries and potentially achieve remote code execution within the context of the 'nt authority\local service' account. The vulnerability requires valid user-level credentials but has a high CVSS score of 8.8 due to the combination of high confidentiality, integrity, and availability impact. No KEV or active exploitation data is provided, but the authenticated requirement and network accessibility make this a moderate-to-high priority for organizations deploying Advantech iView.

RCE SQLi Iview
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CVE-2025-52577 is a SQL injection vulnerability in Advantech iView's NetworkServlet.archiveTrapRange() method that allows authenticated users to execute arbitrary SQL queries and potentially achieve remote code execution (RCE) within the LocalService account context. The vulnerability affects Advantech iView and requires user-level authentication, making it a post-authentication attack vector with high severity (CVSS 8.8). While no public POC or KEV status confirmation is available in provided data, the combination of SQL injection leading to RCE on a privileged service account represents significant risk for organizations deploying this network management solution.

RCE SQLi Iview
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

CVE-2025-48891 is a SQL injection vulnerability in Advantech iView's CUtils.checkSQLInjection() function that fails to properly sanitize user input, allowing authenticated attackers with user-level privileges to execute arbitrary SQL queries. This can lead to unauthorized information disclosure or denial-of-service conditions. The vulnerability requires network access and user authentication but has no UI interaction requirement, making it a significant risk for organizations using iView in multi-user environments.

Code Injection Iview
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary files on the server.

Path Traversal Iview
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities.

XSS Information Disclosure Iview
NVD
EPSS 15% CVSS 8.8
HIGH POC THREAT This Week

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iview
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Iview
NVD
EPSS 31% CVSS 7.5
HIGH POC THREAT This Week

An SQL injection vulnerability in Advantech iView 5.7.04.6469. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iview
NVD
EPSS 59% CVSS 9.8
CRITICAL POC THREAT Emergency

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iview
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Iview
NVD
EPSS 15% CVSS 9.8
CRITICAL Act Now

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Iview
NVD
EPSS 11% CVSS 7.5
HIGH This Week

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Information Disclosure +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 9% CVSS 6.5
MEDIUM This Month

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 10% CVSS 7.5
HIGH This Week

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Iview
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
EPSS 12% CVSS 7.5
HIGH This Week

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 37% CVSS 9.8
CRITICAL POC THREAT Emergency

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Iview
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

Advantech iView, Versions 5.7 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Iview
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iview
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iview
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iview
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy