CVE-2021-21935

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to the lack of protection of the SQL query structure in the host alt filter2 parameter of the device list.php file. This can be exploited by a remote attacker using a specially-crafted HTTP request, potentially leading to the disclosure of protected information. The vulnerability can be triggered by making authenticated HTTP requests to the host alt filter2 parameter, which can be done by any authenticated user or through cross-site request forgery.

Recommendations As a temporary workaround, consider restricting access to the host alt filter2 parameter in the device list.php file until a patch is available. Avoid using the host alt filter2 parameter in authenticated HTTP requests to minimize the risk of exploitation. Restrict access to the device list.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.