Advantech: >> R-Seenet >> 2.4.12 Security Vulnerabilities
Advantech R-SeeNet
versions 2.4.22
is installed with a hidden root-level user that is not available in the
users list. This hidden user has a password that cannot be changed by
users.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-22
Advantech R-SeeNet
versions 2.4.22
allows low-level users to access and load the content of local files.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-22
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-10-27
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-10-27
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.
CVSS Score
6.5
EPSS Score
0.035
Published
2022-10-27
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.927
Published
2021-08-05
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
CVSS Score
9.6
EPSS Score
0.76
Published
2021-07-16
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
CVSS Score
9.6
EPSS Score
0.725
Published
2021-07-16
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
CVSS Score
9.6
EPSS Score
0.852
Published
2021-07-16
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
CVSS Score
9.6
EPSS Score
0.793
Published
2021-07-16
Page 1