Primary

Context

Advantech iView Argument Injection Vulnerability in NetworkServlet.backupDatabase()

Vulnerability

Patched

An argument injection vulnerability has been identified in Advantech iView, specifically in the NetworkServlet.backupDatabase() method. This vulnerability allows an authenticated attacker with user-level privileges to inject arbitrary arguments into a command, bypassing proper input sanitization. The exploitation of this vulnerability could lead to unauthorized information disclosure, including sensitive database credentials.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, such as database credentials.

Remediation

Users are advised to update to Advantech iView version 5.7.05 build 7057.

Added: Jul 11, 2025, 12:22 AM

Updated: Jul 11, 2025, 12:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Advantech iView Argument Injection Vulnerability in NetworkServlet.backupDatabase()

Vulnerability

Impact

Remediation

Affected Products

Advantech iView

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating