PT-2025-45366 · Advantech · Advantech Iview
Exodus Intelligence
·
Published
2022-03-01
·
Updated
2025-11-24
·
CVE-2022-50591
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Advantech iView versions prior to 5.7.04 build 6425
Description
The software contains a flaw within the SNMP management tool that permits remote attackers to circumvent authentication procedures and exploit a SQL injection issue. The SQL injection occurs through the
ztp config id parameter in the /NetworkServlet API endpoint. Successful exploitation can lead to the unauthorized disclosure of user data, including passwords stored in plain text.Recommendations
Update to version 5.7.04 build 6425 or later.
Fix
Missing Authentication
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Advantech Iview