CVE-2021-21926

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to the incorrect handling of the health filter parameter in the device list component, which can lead to SQL injection. An attacker can exploit this by making authenticated HTTP requests or through cross-site request forgery. This allows a remote attacker to conduct cross-site scripting attacks by sending specially crafted SQL queries.

Recommendations As a temporary workaround, consider disabling the health filter parameter to minimize the risk of exploitation. Restrict access to the device list component to minimize the risk of exploitation. Avoid using the health filter parameter in affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.