PT-2021-4647 · Advantech · Advantech Webaccess

Nattisamson

Published

2021-09-03

Updated

2021-09-20

CVE-2021-38408

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions 9.02 and prior

Description The issue is caused by a stack-based buffer overflow vulnerability due to a lack of proper validation of the length of user-supplied data. This may allow a remote attacker to execute arbitrary code.

Recommendations For Advantech WebAccess versions 9.02 and prior, update to a version that includes a fix for the stack-based buffer overflow vulnerability to prevent remote code execution. As a temporary workaround, consider restricting access to the affected software to minimize the risk of exploitation.

Fix

RCE

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

BDU:2021-05338

CVE-2021-38408

ZDI-21-1054

Affected Products

Advantech Webaccess

PT-2021-4647 · Advantech · Advantech Webaccess

CVE-2021-38408

Weakness Enumeration

Related Identifiers

Affected Products

References · 7