CVE-2021-21804
published 2021-07-16CVE-2021-21804: A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP…
PriorityP354critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.71%
88.4th percentile
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | r-seenet | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
blogs_talos·2021-07-15·CVSS 6.1
[MEDIUM] Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software.
R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from individual routers in the network and records the data into a SQL database. The vulnerabilities Talos discovered exist in various scripts inside of R-SeeNet's web applications.
TALOS-2021-1270 (CVE-2021-21799), TALOS-2021-1271 (CVE-2021-21800) and TALOS-2021-1272 (CVE-2021-21801 - CVE-2021-21803) are all vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the context of the targeted user's browser. An adversary could exploit any of these vulnerabilit
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
blogs_talos·2021-07-15·CVSS 6.1
[MEDIUM] Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
## Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software.
R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from individual routers in the network and records the data into a SQL database. The vulnerabilities Talos discovered exist in various scripts inside of R-SeeNet's web applications.
TALOS-2021-1270 (CVE-2021-21799), TALOS-2021-1271 (CVE-2021-21800) and TALOS-2021-1272 (CVE-2021-21801 - CVE-2021-21803) are all vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the context of the t
2021-07-16
Published