PT-2020-12249 · Advantech · Webaccess/Nms

Published: 2020-04-08 · Updated: 2020-04-10 · CVE-2020-10621

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess/NMS versions prior to 3.0.2

Description

The issue allows files to be uploaded to and executed on WebAccess/NMS, potentially leading to remote code execution. It is caused by multiple unrestricted file upload vulnerabilities in various actions and resources, including extProgramAction, ProfileResource, DBBackupRestoreAction, LicenseImportAction, DBBackupResource, saveBackground, ConfigRestoreAction, SupportDeviceaddAction, and FwUpgradeAction.

Recommendations

For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable actions and resources until a patch is available. Restrict access to WebAccess/NMS to minimize the risk of exploitation. Avoid using the affected actions and resources in WebAccess/NMS until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-10621
ZDI-20-373
ZDI-20-383
ZDI-20-385
ZDI-20-386
ZDI-20-387
ZDI-20-389
ZDI-20-397
ZDI-20-400
ZDI-20-402
ZDI-20-405
ZDI-20-406

Affected Products

Webaccess/Nms