Advantech

Webaccess

103 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-12006

  • EPSS 4.15%
  • Veröffentlicht 08.05.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:06

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

7.1

CVE-2020-12010

  • EPSS 0.58%
  • Veröffentlicht 08.05.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:06

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

7.5

CVE-2020-12014

  • EPSS 0.33%
  • Veröffentlicht 08.05.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:07

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.

7.5

CVE-2020-12018

  • EPSS 0.33%
  • Veröffentlicht 08.05.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:07

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.

9.8

CVE-2020-12022

  • EPSS 0.46%
  • Veröffentlicht 08.05.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:07

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.

8.8

CVE-2020-12026

  • EPSS 1.89%
  • Veröffentlicht 08.05.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:08

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

7.5

CVE-2019-3942

  • EPSS 0.94%
  • Veröffentlicht 01.04.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 04:42:54

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

8.8

CVE-2020-10607

  • EPSS 0.79%
  • Veröffentlicht 27.03.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:41

In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

9.8

CVE-2019-3951

Exploit
  • EPSS 11.84%
  • Veröffentlicht 12.12.2019 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:42:55

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.

8.8

CVE-2019-13556

  • EPSS 1.17%
  • Veröffentlicht 18.09.2019 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:25:08

In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.