CNNVD-202507-1596 Information
CNNVD ID
CNNVD-202507-1596
Related CVE
- CNNVD Published: 2025-07-11
Description (Chinese)
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView存在SQL注入漏洞,该漏洞源于CUtils.checkSQLInjection函数存在SQL注入漏洞,可能导致信息泄露或拒绝服务。
Description (English)
Advantech iView is a software based on a simple network protocol (SNMP) for managing B+ B SmartWorks equipment. The Advantech iView has an injection loophole in SQL, which originates from the Cutils.checkSQLInjection function in SQL, which may lead to information leaking or denial of services.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
研华
Published
2025-07-11
Last Modified
2026-02-24
References
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08 https://access.redhat.com/security/cve/cve-2025-48891
Patch
https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183
Share on: