cbcvebase.

Advantech R-Seenet vulnerabilities

40 known vulnerabilities affecting advantech/r-seenet.

Total CVEs
40
CISA KEV
0
Public exploits
6
Exploited in wild
2
Severity breakdown
CRITICAL6HIGH9MEDIUM25

Vulnerabilities

Page 2 of 2
CVE-2021-21911P3HIGHCVSS 7.8v2.4.152021-12-22
CVE-2021-21911 [HIGH] CWE-276 CVE-2021-21911: A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-S A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2022-3387P3MEDIUMCVSS 5.3≤ 2.4.192022-10-27
CVE-2022-3387 [MEDIUM] CWE-22 CVE-2022-3387: Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthori Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.
nvd
CVE-2021-21933P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21933 [MEDIUM] CWE-89 CVE-2021-21933: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21925P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21925 [MEDIUM] CWE-89 CVE-2021-21925: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.
nvd
CVE-2021-21927P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21927 [MEDIUM] CWE-89 CVE-2021-21927: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter.
nvd
CVE-2021-21922P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21922 [MEDIUM] CWE-89 CVE-2021-21922: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery.
nvd
CVE-2021-21932P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21932 [MEDIUM] CWE-89 CVE-2021-21932: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21926P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21926 [MEDIUM] CWE-89 CVE-2021-21926: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter.
nvd
CVE-2021-21934P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21934 [MEDIUM] CWE-89 CVE-2021-21934: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21937P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21937 [MEDIUM] CWE-89 CVE-2021-21937: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21935P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21935 [MEDIUM] CWE-89 CVE-2021-21935: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21931P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21931 [MEDIUM] CWE-89 CVE-2021-21931: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21930P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21930 [MEDIUM] CWE-89 CVE-2021-21930: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21929P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21929 [MEDIUM] CWE-89 CVE-2021-21929: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21928P3MEDIUMCVSS 6.5v2.4.152021-12-22
CVE-2021-21928 [MEDIUM] CWE-89 CVE-2021-21928: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
nvd
CVE-2021-21919P4MEDIUMCVSS 4.9v2.4.152021-12-22
CVE-2021-21919 [MEDIUM] CWE-89 CVE-2021-21919: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
nvd
CVE-2021-21920P4MEDIUMCVSS 4.9v2.4.152021-12-22
CVE-2021-21920 [MEDIUM] CWE-89 CVE-2021-21920: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.
nvd
CVE-2021-21921P4MEDIUMCVSS 4.9v2.4.152021-12-22
CVE-2021-21921 [MEDIUM] CWE-89 CVE-2021-21921: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery.
nvd
CVE-2021-21923P4MEDIUMCVSS 4.9v2.4.152021-12-22
CVE-2021-21923 [MEDIUM] CWE-89 CVE-2021-21923: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery.
nvd
CVE-2021-21918P4MEDIUMCVSS 4.9v2.4.152021-12-22
CVE-2021-21918 [MEDIUM] CWE-89 CVE-2021-21918: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
nvd
Advantech R-Seenet vulnerabilities | cvebase