cbcvebase.

Advantech Deviceon Iedge vulnerabilities

5 known vulnerabilities affecting advantech/deviceon_iedge.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-59171P2CRITICALCVSS 9.8≤ 2.0.22025-11-06
CVE-2025-59171 [CRITICAL] CWE-22 CVE-2025-59171: Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
nvd
CVE-2025-62630P2CRITICALCVSS 9.8≤ 2.0.22025-11-06
CVE-2025-62630 [CRITICAL] CWE-22 CVE-2025-62630: Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
nvd
CVE-2025-58423P3HIGHCVSS 8.8≤ 2.0.22025-11-06
CVE-2025-58423 [HIGH] CWE-22 CVE-2025-58423: Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account.
nvd
CVE-2021-40389P3HIGHCVSS 8.8v1.0.22022-01-28
CVE-2021-40389 [HIGH] CWE-276 CVE-2021-40389: A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1 A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2025-64302P4MEDIUMCVSS 5.4≤ 2.0.22025-11-06
CVE-2025-64302 [MEDIUM] CWE-79 CVE-2025-64302: Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a d Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.
nvd
Advantech Deviceon Iedge vulnerabilities | cvebase