PT-2021-5480 · Advantech · Advantech R-Seenet

Yuri Kramarz

·

Published

2021-08-19

·

Updated

2022-07-22

·

CVE-2021-21923

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Advantech R-SeeNet (affected versions not specified)
Description

Advantech R-SeeNet contains a SQL injection vulnerability in the user list component. The value of the company filter parameter is incorporated into a SQL statement without preserving the statement's structure (it is neither bound as a parameter nor escaped), so an authenticated HTTP request carrying a crafted filter value changes the query the database executes. The request must come from an authenticated session: an attacker can send it directly from an administrative account, or cause an administrator's browser to send it through cross-site request forgery. Successful exploitation allows the attacker to execute arbitrary SQL queries against the application database; the CVSS vector records the impact as disclosure of data (high confidentiality impact, no integrity or availability impact).

Recommendations

At the moment, there is no information about a newer version of Advantech R-SeeNet that contains a fix for this vulnerability. Until a patch is available, reduce exposure: limit network access to the R-SeeNet web interface, keep administrative accounts to the minimum needed and restrict who may use them, since the injection requires an authenticated session. Because the request can also be triggered through cross-site request forgery, administrators should not browse untrusted sites while logged in to R-SeeNet and should end sessions when finished. Avoid using the company filter in the user list component, or block requests carrying that parameter at a reverse proxy or web application firewall in front of the application. Review web server logs for requests to the user list component whose company filter value contains SQL syntax (single quotes, UNION, comment sequences), which would indicate attempted exploitation.

Exploit

SQL injection
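The following is an added example written for this page, not code from R-SeeNet; the product's actual query, parameter name and database engine are not published here and are assumptions. It reproduces the pattern the description gives in Python against an in-memory SQLite table: a user list filtered by company, with the filter value spliced into the statement, beside the parameterized form. The two constructed payloads show the filter bypass and a UNION-based read of a column the filter should never expose, which is the confidentiality impact the CVSS vector records.

```python
import sqlite3

# Constructed sample data, not taken from R-SeeNet: a user table with a
# company column and a secret column that the filter must never expose.
SAMPLE_USERS = [
    (1, "alice", "Acme", "hash-alice"),
    (2, "bob", "Globex", "hash-bob"),
    (3, "admin", "Initech", "hash-admin"),
]


def build_db():
    """Create an in-memory SQLite database standing in for the product's
    database (an assumption; the real engine is not named on this page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, "
        "company TEXT, pw_hash TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def list_users_vulnerable(conn, company_filter):
    """The pattern the advisory describes: the filter value is concatenated
    into the statement, so a quote in it changes the SQL structure."""
    sql = (
        "SELECT login, company FROM users WHERE company = '"
        + company_filter
        + "'"
    )
    return conn.execute(sql).fetchall()


def list_users_fixed(conn, company_filter):
    """Parameterized form: the driver binds the value, so it is only ever
    compared as a string, whatever characters it contains."""
    sql = "SELECT login, company FROM users WHERE company = ?"
    return conn.execute(sql, (company_filter,)).fetchall()


# Hypothetical payloads an authenticated attacker, or an administrator's
# browser driven by CSRF, could send as the company filter value.
PAYLOAD_BYPASS = "Acme' OR '1'='1"
PAYLOAD_UNION = "x' UNION SELECT login, pw_hash FROM users WHERE '1'='1"


def demo():
    """Run both payloads against both implementations and return the rows."""
    conn = build_db()
    return {
        # Bypass: every user is returned instead of only Acme's.
        "vuln_bypass": list_users_vulnerable(conn, PAYLOAD_BYPASS),
        # UNION: password hashes come back in the 'company' column.
        "vuln_union": sorted(list_users_vulnerable(conn, PAYLOAD_UNION)),
        # Parameterized: no company literally equals the payload string.
        "fixed_bypass": list_users_fixed(conn, PAYLOAD_BYPASS),
        "fixed_union": list_users_fixed(conn, PAYLOAD_UNION),
        # Legitimate filter still works after the fix.
        "fixed_legit": list_users_fixed(conn, "Acme"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The parameterized version is the fix a vendor patch would apply; an allowlist on the filter value (for example, matching it against company names already in the database) is a reasonable defence in depth but is not a substitute for binding the parameter.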


Weakness Enumeration

Related Identifiers

BDU:2021-06327
CVE-2021-21923

Affected Products

Advantech R-Seenet