CVE-2021-21934

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to a lack of protection in the SQL query structure, allowing for SQL injection through a specially-crafted HTTP request. This can be triggered at the imei filter parameter by an authenticated user or through cross-site request forgery, potentially leading to the disclosure of protected information.

Recommendations As a temporary workaround, consider disabling the imei filter parameter in the device list.php file until a patch is available. Restrict access to the device list.php file to minimize the risk of exploitation. Avoid using the imei filter parameter in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.