Advantech DeviceOn/iEdge Remote Code Execution Vulnerability via Path Traversal

Vulnerability

A path traversal vulnerability allowing remote code execution with system-level permissions has been identified in Advantech DeviceOn/iEdge versions through 2.0.2. The issue arises from insufficient input sanitization, which enables attackers to upload specially crafted configuration files that traverse directories and execute code remotely, with the execution context of the local system account.
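The class of check whose absence is described above, as an added example: it is not Advantech's code and does not reproduce the DeviceOn/iEdge upload handler. The function names, the upload-root layout and the sample file names are assumptions constructed for illustration; the block contrasts a join-only destination with one that verifies containment before anything is written.

```python
import os
import tempfile
from pathlib import Path

class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied name would land outside the upload root."""

def naive_destination(upload_root, client_name):
    # Vulnerable pattern: join and normalise, never check where the result lands.
    return os.path.normpath(os.path.join(upload_root, client_name))

def safe_destination(upload_root, client_name):
    """Return the resolved destination inside upload_root, or raise UnsafeUploadPath."""
    if not client_name or "\x00" in client_name or ":" in client_name:
        # ':' covers Windows drive letters and alternate data streams.
        raise UnsafeUploadPath("empty name, NUL byte or ':' in name")
    # Split on both separators so '..\\' is caught on any host OS.
    parts = client_name.replace("\\", "/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        # '' appears for absolute paths and for doubled or trailing separators.
        raise UnsafeUploadPath("absolute path or dot segment in name")
    root = Path(upload_root).resolve()
    candidate = root.joinpath(*parts).resolve()  # also follows existing symlinks
    try:
        candidate.relative_to(root)
    except ValueError:
        raise UnsafeUploadPath("destination resolves outside the upload root")
    return candidate

# Constructed sample names (hypothetical, not taken from the advisory).
SAMPLE_NAMES = ["profiles/site.cfg", "../../outside/run.cfg",
                "..\\..\\outside\\run.cfg", "/outside/run.cfg", "C:\\outside\\run.cfg"]

def classify(upload_root, names=SAMPLE_NAMES):
    """Map each name to 'accepted' or 'rejected' under safe_destination."""
    verdicts = {}
    for name in names:
        try:
            safe_destination(upload_root, name)
            verdicts[name] = "accepted"
        except UnsafeUploadPath:
            verdicts[name] = "rejected"
    return verdicts

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print("naive join:", naive_destination(root, "../../outside/run.cfg"))
        for name, verdict in classify(root).items():
            print(f"{verdict:8}  {name!r}")
```

A service that runs as the local system account can write anywhere on the host, so this containment check is the only barrier between an upload and an arbitrary file write; running the upload handler under a lower-privileged account limits the damage if the check is missed.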

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution with system-level privileges.

Remediation

Advantech has stated that DeviceOn/iEdge is end-of-life and recommends users upgrade to the latest version of DeviceOn, which is not vulnerable to this issue. For upgrade assistance, users should contact Advantech.

Added: Nov 6, 2025, 11:18 PM
Updated: Nov 6, 2025, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 7.5
exploitability: 4.8
remediation: 8.3
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.