PT-2020-12253 · Advantech · Webaccess/Nms

Published

2020-04-08

Updated

2020-04-10

CVE-2020-10625

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/NMS versions prior to 3.0.2

Description The issue allows an unauthenticated remote user to create a new admin account. This can be exploited by sending a request to a vulnerable endpoint, potentially allowing attackers to gain administrative access to the system.

Recommendations For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative interface until the update can be applied.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-10625

ZDI-20-414

Affected Products

Webaccess/Nms

PT-2020-12253 · Advantech · Webaccess/Nms

CVE-2020-10625

Weakness Enumeration

Related Identifiers

Affected Products

References · 5