Advantech

R-seenet

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2021-21923

Exploit
  • EPSS 1.34%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:15

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery.

7.8

CVE-2021-21911

Exploit
  • EPSS 0.04%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:13

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An...

7.8

CVE-2021-21912

Exploit
  • EPSS 0.04%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:13

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An...

8.8

CVE-2021-21915

Exploit
  • EPSS 1.25%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:14

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this ...

8.8

CVE-2021-21916

Exploit
  • EPSS 1.25%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:14

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger t...

8.8

CVE-2021-21917

Exploit
  • EPSS 1.25%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:14

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerabil...

4.9

CVE-2021-21918

Exploit
  • EPSS 1.34%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:14

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve...

4.9

CVE-2021-21919

Exploit
  • EPSS 1.34%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:14

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploita...

4.9

CVE-2021-21920

Exploit
  • EPSS 1.34%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:14

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.

4.9

CVE-2021-21921

Exploit
  • EPSS 1.34%
  • Veröffentlicht 22.12.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:49:14

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery.