CNNVD-202511-512 Information
CNNVD ID
CNNVD-202511-512
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech iView是中国研华(Advantech)公司的一个基于简单网络协议(SNMP)来对 B + B SmartWorx 设备进行管理的软件。 Advantech iView v5.7.04 build 6425之前版本存在安全漏洞,该漏洞源于SNMP管理工具中存在身份验证绕过,可能导致SQL注入攻击和远程代码执行。
Description (English)
Advantech iView is a software based on a simple network protocol (SNMP) for managing B+ B SmartWorks equipment. The previous version of Advantech iView v5.7.04 built 6425 had a security loophole, which stemmed from the presence of an identification bypass in the SNMP management tool, which could lead to SQL injection into attack and remote code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/ https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce
Patch
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183
Share on: