Intrusion Prevention


This indicates an attack attempt to exploit a Path Traversal Vulnerability in Advantech WebAccess/NMS.
The vulnerability is due to insufficient input validation on file paths while processing the calls to download.jsp endpoint.
A remote, unauthenticated attacker can exploit this vulnerability by submitting a crafted request to the target server. Successful exploitation could delete or read arbitrary files on the target server under the security context of the SYSTEM.

Affected Products

Advantech WebAccess/NMS prior to 3.0.2


Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

CVE References


Other References