CNNVD-202511-513 Information
CNNVD ID
CNNVD-202511-513
Related CVE
- CNNVD Published: 2025-11-06
Description (English, translated from the Chinese entry)
Advantech iView is software from Advantech, a Chinese company, for managing B+B SmartWorx devices over the Simple Network Management Protocol (SNMP). Versions of Advantech iView prior to v5.7.04 build 6425 contain a security vulnerability that stems from an authentication bypass in the SNMP management tool. A remote attacker may use the search_term parameter of the NetworkServlet endpoint to perform SQL injection and thereby achieve remote code execution.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Advantech
Published
2025-11-06
Last Modified
2026-02-24
References
https://blog.exodusintel.com/2022/03/01/advantech-iview-search_term-parameter-sql-injection-remote-code-execution-vulnerability/
https://www.advantech.tw/support/details/firmware?id=1-HIPU-183
https://www.vulncheck.com/advisories/advantech-iview-searchterm-parameter-sqli-rce
Patch
https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183