CNNVD-202511-505 Information
CNNVD ID
CNNVD-202511-505
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech WebAccess/VPN是中国台湾研华(Advantech)公司的一款高级网络安全平台。 Advantech WebAccess/VPN 1.1.5之前版本存在安全漏洞,该漏洞源于AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction存在绝对路径遍历,可能导致读取任意文件。
Description (English)
Advantech WebAccess/VPN is a high-level network security platform for the company Advantech. The security loophole in the pre-Advantech WebAccess/VPN 1.1.5 version originated from the absolute path of AjaxStandalone VpnClentsController.ajaxDownloadRoadWarriorConfigFileAction, which could lead to the reading of any file.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://icr.advantech.com/download/software https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf https://www.vulncheck.com/advisories/advantech-webaccess-vpn-path-traversal-via-ajaxstandalonevpnclientscontroller
Patch
https://icr.advantech.com/download/software
Share on: