CNNVD-202511-510 Information
CNNVD ID
CNNVD-202511-510
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView v5.7.04 build 6425之前版本存在安全漏洞,该漏洞源于SNMP管理工具中的ztp_search_value参数未正确验证,可能导致SQL注入攻击和远程代码执行。
Description (English)
Advantech iView is a software based on a simple network protocol (SNMP) for managing B+ B SmartWorks equipment. The previous version of Advantech iView v5.7.04 built 6425 had a security loophole, which stemmed from the incorrect validation of the ztp search value parameters in the SNMP management tool, which could lead to an SQL injection attack and remote code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://blog.exodusintel.com/2022/03/01/advantech-iview-ztp_search_value-parameter-sql-injection-remote-code-execution-vulnerability/ https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 https://www.vulncheck.com/advisories/advantech-iview-ztpsearchvalue-parameter-sqli-rce
Patch
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183
Share on: