Advantech iView SQL Injection Vulnerability via SNMP v1 Traps

Vulnerability

A SQL injection vulnerability has been identified in Advantech iView versions through 5.7.05.7057. The application does not properly sanitize SNMP v1 trap requests received on port 162. This lack of input validation could allow an attacker to inject malicious SQL commands, potentially leading to unauthorized data access or manipulation.
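The general defense for this class of bug, as an added example (not Advantech's code and not part of the original advisory): a trap receiver type-checks the SNMP v1 trap fields and stores them with bound parameters. The table layout, the function names and the sample trap are assumptions made for illustration; the advisory does not describe iView's schema or which trap field is affected.

```python
import ipaddress
import re
import sqlite3

OID_RE = re.compile(r"\d+(\.\d+)+")  # numeric dotted-decimal OID only

# Constructed sample trap; the varbind value carries a quote and SQL-like text.
SAMPLE_TRAP = {
    "enterprise": "1.3.6.1.4.1.99999", "agent_addr": "192.0.2.10",
    "generic": 2, "specific": 0,
    "varbinds": [("1.3.6.1.2.1.2.2.1.2.1", "eth0'); -- constructed value")],
}


def new_db():
    """In-memory database with a hypothetical trap table (not iView's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE traps (enterprise TEXT, agent_addr TEXT, "
               "generic INTEGER, specific INTEGER, oid TEXT, value TEXT)")
    return db


def validate_trap(trap):
    """Type-check SNMP v1 trap fields; raise ValueError on anything malformed."""
    if not OID_RE.fullmatch(trap["enterprise"]):
        raise ValueError("enterprise is not a numeric OID")
    ipaddress.IPv4Address(trap["agent_addr"])  # AddressValueError is a ValueError
    if not (isinstance(trap["generic"], int) and 0 <= trap["generic"] <= 6):
        raise ValueError("generic-trap must be 0..6 in SNMP v1")
    if not isinstance(trap["specific"], int):
        raise ValueError("specific-trap must be an integer")
    for oid, _value in trap["varbinds"]:
        if not OID_RE.fullmatch(oid):
            raise ValueError("varbind name is not a numeric OID")


def store_trap(db, trap):
    """Validate, then insert one row per varbind using bound parameters."""
    validate_trap(trap)
    rows = [(trap["enterprise"], trap["agent_addr"], trap["generic"],
             trap["specific"], oid, str(value)) for oid, value in trap["varbinds"]]
    # Varbind values are free-form, so they are bound, never formatted into SQL.
    db.executemany("INSERT INTO traps VALUES (?, ?, ?, ?, ?, ?)", rows)
    return len(rows)


if __name__ == "__main__":
    db = new_db()
    print(store_trap(db, SAMPLE_TRAP), db.execute("SELECT value FROM traps").fetchall())
```

The quoted varbind value ends up in the table as literal text, and a trap whose header fields fail the type checks is rejected before any SQL runs.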

Impact

Exploitation of this vulnerability could allow an attacker to inject SQL commands, with the potential to disclose, modify, or delete data.

Remediation

Advantech recommends users update to iView version 5.8.1.

Added: Dec 4, 2025, 11:21 PM
Updated: Dec 4, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 4.7
remediation: 7.9
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.