PT-2018-13156 · Advantech · Advantech Webaccess

Lynerc · Published 2018-10-31 · Updated 2018-12-12 · CVE-2018-15705

CVSS v2.0: 8.5 High

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Advantech WebAccess versions 8.3.1 through 8.3.2

Description
The issue allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API endpoint. This can be used to remotely execute arbitrary code.

Recommendations
For Advantech WebAccess versions 8.3.1 and 8.3.2, consider restricting access to the writeFile API endpoint until a patch is available. As a temporary workaround, limit the ability to write or overwrite files on the filesystem to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-15705

Affected Products

Advantech Webaccess