Advantech: >> R-Seenet Security Vulnerabilities
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-10-18
Advantech R-SeeNet
versions 2.4.22
is installed with a hidden root-level user that is not available in the
users list. This hidden user has a password that cannot be changed by
users.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-22
Advantech R-SeeNet
versions 2.4.22
allows low-level users to access and load the content of local files.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-22
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-10-27
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-10-27
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.
CVSS Score
6.5
EPSS Score
0.035
Published
2022-10-27
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
CVSS Score
7.7
EPSS Score
0.011
Published
2021-12-22
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-12-22
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-12-22
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
CVSS Score
7.7
EPSS Score
0.011
Published
2021-12-22
Page 1