CNNVD-202507-1549 Information

CNNVD ID

CNNVD-202507-1549

Related CVE

CVE-2025-53509

• CNNVD Published: 2025-07-10

Description (Chinese)

Advantech iView是中国研华（Advantech）公司的一个基于简单网络协议（SNMP）来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView存在参数注入漏洞，该漏洞源于NetworkServlet.restoreDatabase函数中参数注入，可能导致信息泄露，包括敏感数据库凭据。

Description (English)

Advantech iView is a software based on a simple network protocol (SNMP) for managing B+ B SmartWorks equipment. There is a gap in the parameters of Advantech iView, which stems from the injection of parameters in the NetworkServlet.restoreDatabase function, which may lead to the disclosure of information, including sensitive database evidence.

Hazard Level

High

Vulnerability Type

参数注入

Affected Vendor

研华

Published

2025-07-10

Last Modified

2026-02-24

References

https://nvd.nist.gov/vuln/detail/CVE-2025-53509 https://access.redhat.com/security/cve/cve-2025-53509

Patch

https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183