Primary

Context

Advantech iView Argument Injection Vulnerability in NetworkServlet.restoreDatabase()

Vulnerability

Patched

An argument injection vulnerability has been identified in Advantech iView versions prior to 5.7.05 build 7057. This vulnerability allows an authenticated attacker with user-level privileges to inject arbitrary arguments into a command via an input parameter, which is executed without proper sanitization. The exploitation of this vulnerability could lead to unauthorized information disclosure, including sensitive database credentials.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive database information, including credentials.

Remediation

Users are advised to update to Advantech iView version 5.7.05 build 7057.

Added: Jul 11, 2025, 12:31 AM

Updated: Jul 11, 2025, 12:31 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Advantech iView Argument Injection Vulnerability in NetworkServlet.restoreDatabase()

Vulnerability

Impact

Remediation

Affected Products

Advantech iView

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating