CNNVD-202511-496 Information

CNNVD ID

CNNVD-202511-496

Related CVE

CVE-2025-34247

• CNNVD Published: 2025-11-06

Description (Chinese)

Advantech WebAccess/VPN是中国台湾研华（Advantech）公司的一款高级网络安全平台。 Advantech WebAccess/VPN 1.1.5之前版本存在安全漏洞，该漏洞源于NetworksController.addNetworkAction未正确过滤datatable搜索参数，可能导致SQL注入攻击和信息泄露。

Description (English)

Advantech WebAccess/VPN is a high-level network security platform for the company Advantech. The previous version of Advantech WebAccess/VPN 1.1.5 had a security loophole, which stemmed from the fact that NetworksController.addNetworkAction did not properly filter the datatable search parameters, which could lead to SQL injection attacks and information leaks.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

研华

Published

2025-11-06

Last Modified

2026-02-24

References

https://icr.advantech.com/download/software https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-networkscontroller

Patch

https://icr.advantech.com/download/software