Advantech DeviceOn/iEdge Remote Code Execution Vulnerability via Path Traversal

Vulnerability

A path traversal vulnerability allowing remote code execution with system-level permissions has been identified in Advantech DeviceOn/iEdge versions through 2.0.2. The issue arises from insufficient input sanitization: an attacker can upload a specially crafted configuration file that traverses directories, resulting in remote code execution in the context of the local system account.
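As an added illustration of this bug class (not Advantech's code, and not taken from the advisory), the sketch below contrasts an unvalidated join of a client-supplied file name with a containment check for a Windows upload directory. The root path `C:\ProgramData\ExampleApp\config`, the function names, and the sample file names are assumptions made for the example.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# Hypothetical upload root; the advisory does not name the product's real directory.
UPLOAD_ROOT = r"C:\ProgramData\ExampleApp\config"
# Allowlist for one path component: no colon (drive letter / alternate data stream),
# no leading dot, no trailing dot or space (Windows strips those silently).
SAFE_PART = re.compile(r"^[A-Za-z0-9_](?:[A-Za-z0-9_. -]*[A-Za-z0-9_-])?$")


class UnsafePath(ValueError):
    """Raised when an uploaded file name would resolve outside UPLOAD_ROOT."""


def naive_destination(name: str) -> str:
    """The vulnerable pattern: join the client-supplied name without validation."""
    return ntpath.normpath(ntpath.join(UPLOAD_ROOT, name))


def safe_destination(name: str) -> str:
    """Return a destination inside UPLOAD_ROOT, or raise UnsafePath."""
    if not name or "\x00" in name:
        raise UnsafePath("empty name or NUL byte")
    path = PureWindowsPath(name)  # parses both '\\' and '/' on any host OS
    if path.drive or path.root:   # C:\x, C:x, \x, \\host\share\x
        raise UnsafePath(f"absolute or drive-qualified: {name!r}")
    for part in path.parts:
        if not SAFE_PART.match(part):  # also rejects '..'
            raise UnsafePath(f"disallowed component {part!r} in {name!r}")
    dest = ntpath.normpath(ntpath.join(UPLOAD_ROOT, *path.parts))
    # Defence in depth: the normalised result must still sit under the root.
    if not dest.lower().startswith(UPLOAD_ROOT.lower() + "\\"):
        raise UnsafePath(f"escapes upload root: {name!r}")
    return dest
```

A string check like this does not cover symlinks or junctions already present under the root, and it does not replace running the upload handler under a less privileged account than local system.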

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution with system-level privileges.

Remediation

Advantech has stated that DeviceOn/iEdge version 2.0.2 and prior are end-of-life and recommends all users upgrade to the current version of DeviceOn, which is not vulnerable to this issue. For upgrade assistance, users should contact Advantech.

Added: Nov 6, 2025, 11:18 PM
Updated: Nov 6, 2025, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 7.5
exploitability: 4.8
remediation: 8.3
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.