CNNVD-202511-511 Information
CNNVD ID
CNNVD-202511-511
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView v5.7.04 build 6425之前版本存在安全漏洞,该漏洞源于SNMP管理工具中未正确验证身份验证,且对NetworkServlet端点中参数data的错误操作,可能导致SQL注入攻击和数据泄露。
Description (English)
Advantech iView is a software based on a simple network protocol (SNMP) for managing B+ B SmartWorks equipment. The previous version of Advantech iView v5.7.04 built 6425 had a security loophole, which stemmed from the incorrect authentication of identity in the SNMP management tool, and the incorrect operation of the parameter data at the NetworkServlet endpoint, which could result in an attack on SQL and data leak.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/ https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure
Patch
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183
Share on: