module
Advantech iView NetworkServlet Command Injection
| Disclosed |
|---|
| 2022-06-28 |
Disclosed
2022-06-28
Description
Versions of Advantech iView software below `5.7.04.6469` are
vulnerable to an unauthenticated command injection vulnerability
via the `NetworkServlet` endpoint.
The database backup functionality passes a user-controlled parameter,
`backup_file` to the `mysqldump` command. The sanitization functionality only
tests for SQL injection attempts and directory traversal, so leveraging the
`-r` and `-w` `mysqldump` flags permits exploitation.
The command injection vulnerability is used to write a payload on the target
and achieve remote code execution as NT AUTHORITY\SYSTEM.
vulnerable to an unauthenticated command injection vulnerability
via the `NetworkServlet` endpoint.
The database backup functionality passes a user-controlled parameter,
`backup_file` to the `mysqldump` command. The sanitization functionality only
tests for SQL injection attempts and directory traversal, so leveraging the
`-r` and `-w` `mysqldump` flags permits exploitation.
The command injection vulnerability is used to write a payload on the target
and achieve remote code execution as NT AUTHORITY\SYSTEM.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.