Advantech DeviceOn/iEdge Insufficient Input Sanitization Vulnerability Allowing Information Disclosure and Data Manipulation

Vulnerability

A vulnerability exists in Advantech DeviceOn/iEdge versions through 2.0.2, due to inadequate input sanitization in the dashboard label or path. This flaw can be exploited to trigger device errors, leading to unauthorized information disclosure or manipulation of data. Additionally, this vulnerability has been associated with cross-site scripting.

Impact

Exploitation of this vulnerability could result in a denial-of-service condition, remote code execution, or unauthorized access to arbitrary files.

Remediation

Advantech has stated that DeviceOn/iEdge is end-of-life and recommends users upgrade to the current version of DeviceOn, which is not vulnerable. For upgrade assistance, users should contact Advantech.

Added: Nov 6, 2025, 11:17 PM
Updated: Nov 6, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 5.0
exploitability: 5.2
remediation: 7.9
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.