CNNVD-202511-474 Information
CNNVD ID
CNNVD-202511-474
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech DeviceOn/iEdge是中国台湾研华(Advantech)公司的一个边缘设备远程管理与运维平台。 Advantech DeviceOn/iEdge 2.0.2及之前版本存在路径遍历漏洞,该漏洞源于清理不足,可能导致攻击者上传特制配置文件进行目录遍历,并以系统权限执行远程代码。
Description (English)
Advantech DeviceOn/iEdge is a remote management and transport platform for peripheral equipment of the Chinese company Advantech. Advantech DeviceOn/iEdge 2.0.2 and previous versions had a loophole in the path, which stemmed from a lack of clean-up, which could lead the assailant to upload a special configuration file for cataloguing and to execute remote code with system privileges.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json https://www.advantech.com/emt/contact https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01
Share on: