CVE-2021-21921

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to a lack of protection in the SQL query structure, which can be exploited through a specially-crafted HTTP request, potentially leading to SQL injection. This can be triggered by making authenticated HTTP requests to the name filter parameter, possibly through cross-site request forgery, or by exploiting the name filter parameter in the user list.php file. An attacker could use this vulnerability to disclose protected information remotely.

Recommendations For Advantech R-SeeNet, as a temporary workaround, consider disabling the name filter parameter in the user list.php file until a patch is available. Restrict access to the user list.php file to minimize the risk of exploitation. Avoid using the name filter parameter in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.