CVE-2021-21925

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to the incorrect handling of the firm filter parameter in the device list component, which can lead to SQL injection. An attacker can exploit this by making authenticated HTTP requests or through cross-site request forgery, potentially allowing remote attackers to conduct SQL injection attacks. The firm filter parameter is specifically vulnerable.

Recommendations As a temporary workaround, consider disabling the firm filter parameter in the device list component until a patch is available. Restrict access to the device list component to minimize the risk of exploitation. Avoid using the firm filter parameter in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.