Advantech.WA.NMS.SupportDeviceaddAction.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in Advantech WebAccess/NMS.
The vulnerability is due to insufficient input validation on file paths in the SupportDeviceaddAction servlet. Unauthenticated remote attackers could exploit this vulnerability by uploading specially crafted executable files to the server. This can lead to arbitrary code execution with SYSTEM privileges.
Affected Products
Advantech WebAccess/NMS prior to 3.0.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.advantech.com/products/828e8fed-6112-4965-a485-1b8551fe0b25/webaccess-nms/mod_a575e526-9b42-4747-b8f0-c13431751a03
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |