Intrusion Prevention

Advantech.WA.NMS.SupportDeviceaddAction.Arbitrary.File.Upload

Description

This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in Advantech WebAccess/NMS.
The vulnerability is due to insufficient input validation on file paths in the SupportDeviceaddAction servlet. Unauthenticated remote attackers could exploit this vulnerability by uploading specially crafted executable files to the server. This can lead to arbitrary code execution with SYSTEM privileges.

Affected Products

Advantech WebAccess/NMS prior to 3.0.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References

CVE-2020-10621

Other References

ICSA-20-098-01