PT-2025-45369 · Advantech · Iview
Exodus Intelligence
·
Published
2022-01-13
·
Updated
2025-11-24
·
CVE-2022-50594
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Advantech iView versions prior to 5.7.04 build 6425
Description
The software contains a flaw in the SNMP management tool that permits remote attackers to circumvent authentication procedures and exploit a SQL injection issue. The SQL injection occurs through the
data parameter of the /NetworkServlet API endpoint. Successful exploitation can lead to the unauthorized disclosure of user data, including passwords stored in plain text.Recommendations
Update to version 5.7.04 build 6425 or later.
Fix
Missing Authentication
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Iview