PT-2020-14838 · Advantech · Iview
Published 2020-08-25 · Updated 2020-08-31 · CVE-2020-16245
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Advantech iView versions 5.7 and prior
Description
The affected product contains path traversal vulnerabilities that could allow an attacker to create or download arbitrary files, limit system availability, and remotely execute code. The vulnerabilities affect several components, including the DeviceTreeTable, NetworkServlet, TaskMgrTable, and PSTable, and result in directory traversal, remote code execution, and information disclosure.
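The flaw class described above (an export or download handler that builds a file path from a client-supplied name) is illustrated below with a check a defender would want in such a handler. This is an added example, not iView code; the EXPORT_ROOT location and the function names are assumptions.

```python
"""Path-confinement check for export/download handlers that accept a
client-supplied file name. Added illustration, not iView code; the
EXPORT_ROOT location and the function names are assumptions."""
import os
import tempfile
from urllib.parse import unquote

# Assumed directory from which exported reports are served (constructed for the demo).
EXPORT_ROOT = os.path.join(tempfile.gettempdir(), "iview_exports_demo")


def unsafe_export_path(root: str, name: str) -> str:
    """The pattern that enables traversal: the client value is joined verbatim."""
    return os.path.join(root, name)


def safe_export_path(root: str, name: str) -> str:
    """Resolve ``name`` under ``root`` and refuse anything that escapes it.

    Raises ValueError for traversal sequences, absolute paths, percent-encoded
    dots, backslash separators, NUL bytes and symlinks that point outside root.
    """
    # Decode twice so a double-encoded %252e%252e does not survive one decode.
    decoded = unquote(unquote(name))
    if "\\" in decoded or "\x00" in decoded:
        raise ValueError("illegal character in file name")
    # Only a single path component is acceptable: no directories at all.
    leaf = os.path.basename(decoded)
    if leaf != decoded or leaf in ("", ".", ".."):
        raise ValueError("file name must be a single component")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, leaf))
    # realpath follows symlinks, so a planted link out of the root is caught here.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes export directory")
    return candidate


def is_safe_export_name(root: str, name: str) -> bool:
    """Boolean wrapper around safe_export_path, convenient for logging or tests."""
    try:
        safe_export_path(root, name)
        return True
    except ValueError:
        return False
```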
Recommendations
For versions 5.7 and prior, update to a version later than 5.7 to resolve the issue.
As a temporary workaround, consider restricting access to the affected components, such as the DeviceTreeTable, NetworkServlet, TaskMgrTable, and PSTable, to minimize the risk of exploitation.
Avoid using the affected API endpoints, such as DeviceTreeTable exportTaskMgrReport, NetworkServlet findCfgDeviceListExport, DeviceTreeTable exportInventoryTable, NetworkServlet findSummaryCfgDeviceListExport, TaskMgrTable exportTaskMgrReportDetails, NetworkServlet findUpdateDeviceListExport, NetworkServlet backupDatabase, NetworkServlet findSummaryUpdateDeviceListExport, and PSTable exportPSInventoryTable, until the issue is resolved.
Fix
Path traversal
Affected Products
Iview