CNNVD-202511-499 Information
CNNVD ID
CNNVD-202511-499
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech WebAccess/VPN是中国台湾研华(Advantech)公司的一款高级网络安全平台。 Advantech WebAccess/VPN 1.1.5之前版本存在安全漏洞,该漏洞源于AjaxFwRulesController.ajaxDeviceFwRulesAction函数未对datatable搜索参数进行充分验证,可能导致SQL注入攻击和数据泄露。
Description (English)
Advantech WebAccess/VPN is a high-level network security platform for the company Advantech. A security loophole existed in the pre-Advantech WebAccess/VPN 1.1.5 version, which originated from the failure of the AjaxFwRulesController.ajaxDeviceFwrulesaction function to fully validate the datatable search parameters, which could lead to an attack by SQL and data leak.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://icr.advantech.com/download/software https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf https://www.vulncheck.com/advisories/advantech-webaccess-vpn-sqli-via-ajaxfwruelscontroller-ajaxdevicefwrulesaction
Patch
https://icr.advantech.com/download/software
Share on: