CVE-2023-3256

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet version 2.4.22

Description The issue is related to incorrect external control of a file name or path, allowing a remote attacker to gain unauthorized access to local files by sending specially crafted HTTP requests. This can enable low-level users to access and load the content of local files.

Recommendations For Advantech R-SeeNet version 2.4.22, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of low-level users to prevent them from accessing unauthorized files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.