PT-2025-45370 · Advantech · Iview
Exodus Intelligence
·
Published
2022-01-13
·
Updated
2025-11-24
·
CVE-2022-50595
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Advantech iView versions prior to 5.7.04 build 6425
Description
The software contains a flaw within its SNMP management tool that permits remote attackers to circumvent authentication procedures. This allows access to a SQL injection point within the
ztp search value parameter of the /NetworkServlet API endpoint. Successful exploitation can lead to remote code execution with administrator privileges.Recommendations
Update to version 5.7.04 build 6425 or later.
Fix
RCE
Missing Authentication
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Iview