Advantech

R-seenet

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-5642

Exploit
  • EPSS 1.02%
  • Veröffentlicht 18.10.2023 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:42:10

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.

8.1

CVE-2023-3256

  • EPSS 0.07%
  • Veröffentlicht 22.06.2023 17:15:44
  • Zuletzt bearbeitet 21.11.2024 08:16:48

Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.

9.8

CVE-2023-2611

  • EPSS 0.08%
  • Veröffentlicht 22.06.2023 17:15:44
  • Zuletzt bearbeitet 21.11.2024 07:58:55

Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.

5.3

CVE-2022-3387

  • EPSS 0.55%
  • Veröffentlicht 27.10.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 07:19:25

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.

9.8

CVE-2022-3386

  • EPSS 1.31%
  • Veröffentlicht 27.10.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 07:19:25

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.

9.8

CVE-2022-3385

  • EPSS 1.31%
  • Veröffentlicht 27.10.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 07:19:25

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.

6.5

CVE-2021-21937

Exploit
  • EPSS 1.19%
  • Veröffentlicht 22.12.2021 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:49:16

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forger...

6.5

CVE-2021-21925

Exploit
  • EPSS 1.19%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:15

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter...

6.5

CVE-2021-21924

Exploit
  • EPSS 1.4%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:15

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter...

6.5

CVE-2021-21926

Exploit
  • EPSS 1.19%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:15

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ paramet...