Aggregates CVE and security vulnerability intelligence across all Advantech-related products, including CVSS scores, EPSS percentages, and publication dates.
Historical issues mainly involve SQL injection, path handling, and related problems; some flaws may lead to memory corruption, affecting production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-59171 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | [email protected] | 8.7 | 0.62% | 2025-11-06 | 2026-06-17 |
| CVE-2025-58423 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. | [email protected] | 8.7 | 0.46% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34247 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.1 | 0.26% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34246 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34245 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34244 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34243 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34242 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 8.6 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34241 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34240 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 8.6 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34239 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename. | [email protected] | 8.6 | 1.58% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34238 | Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web user (www-data) can access. | [email protected] | 6.9 | 0.33% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34237 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | [email protected] | 6.3 | 0.17% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34236 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | [email protected] | 6.2 | 0.17% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50595 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | [email protected] | 9.3 | 0.57% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50594 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords. | [email protected] | 8.8 | 0.41% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50593 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | [email protected] | 9.3 | 0.62% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50592 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | [email protected] | 9.3 | 0.57% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50591 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords. | [email protected] | 8.8 | 0.46% | 2025-11-06 | 2026-06-17 |
| CVE-2025-53519 | A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. | [email protected] | 5.1 | 0.19% | 2025-07-10 | 2026-06-17 |