CVE-2021-21917

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet version 2.4.15

Description The issue is related to a SQL injection vulnerability in the 'group list' page. It is caused by the lack of protection against SQL query structure manipulation through the ord parameter. An attacker can exploit this by making specially crafted HTTP requests, potentially allowing the execution of arbitrary SQL queries. This can be triggered by any authenticated user or through cross-site request forgery.

Recommendations For Advantech R-SeeNet version 2.4.15, consider disabling access to the 'group list' page or restricting the use of the ord parameter until a patch is available. Additionally, restrict access to authenticated HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.