High Published: Nov 06, 2025 Modified: Nov 24, 2025

CVE-2022-50594

7.5 CVSS SCORE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Affected Software Configurations

a advantech iview * * * * * * * *

Weaknesses (CWE)

CWE-89
CWE-89

References & External Links

https://blog.exodusintel.com/2022/03/01/advantech-iview-page_action_service-parameter-sql-injection-remote-code-execution-vulnerability/
https://www.advantech.tw/support/details/firmware?id=1-HIPU-183
https://www.vulncheck.com/advisories/advantech-iview-data-parameter-sqli-information-disclosure

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker