Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21922 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21921 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21919 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | |||||
| CVE-2021-21936 | 1 Advantech | 1 R-seenet | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21928 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21925 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter. | |||||
| CVE-2021-21935 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21926 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter. | |||||
| CVE-2021-21923 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21937 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21927 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. | |||||
| CVE-2021-21917 | 1 Advantech | 1 R-seenet | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21805 | 1 Advantech | 1 R-seenet | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21800 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
| CVE-2021-21801 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
| CVE-2021-21802 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
| CVE-2021-21803 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
| CVE-2021-21804 | 1 Advantech | 1 R-seenet | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21799 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
| CVE-2020-25157 | 1 Advantech | 1 R-seenet | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | |||||