CNNVD-202511-475 Information
Nov 06, 2025
cve
CNNVD ID
CNNVD-202511-475
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech DeviceOn/iEdge是中国台湾研华(Advantech)公司的一个边缘设备远程管理与运维平台。 Advantech DeviceOn/iEdge 2.0.2及之前版本存在路径遍历漏洞,该漏洞源于清理不足,攻击者可上传特制配置文件进行目录遍历,可能导致远程代码执行。
Description (English)
Advantech DeviceOn/iEdge is a remote management and transport platform for peripheral equipment of the Chinese company Advantech. Advantech DeviceOn/iEdge 2.0.2 and previous versions had a loophole in the path, which stemmed from a lack of clean-up and allowed the assailant to upload a unique profile for cataloguing, which could lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json https://www.advantech.com/emt/contact https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01
Share on: