Buffer Overflow vulnerability in Advantech WebAccess

Gamboma Overview :
In WebAccess versions 8.4.1 and prior, multiple stack based buffer overflow vulnerabilities are detected by a lack of proper validation of the length of user given data. Exploitation of these vulnerabilities will allow remote code execution.
purchase Pregabalin online Affected Product(s) :
WebAccess versions 8.4.1
Vulnerability Details :
Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization
CVE ID : CVE-2019-13558
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVE ID : CVE-2019-13556
A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE ID : CVE-2019-13552
A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE ID : CVE-2019-13550
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.

Solution : Advantech has released Version 8.4.2 of WebAccessNode to address the reported vulnerabilities. Users can download the latest version of WebAccessNode.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-7261 : ZYXEL NWA1123ACV3/WAC500/WAX655E/WBE530/USG LITE 60AX COOKIE HOST OS COMMAND INJECTION

CVE-2024-7261 : ZYXEL NWA1123ACV3/WAC500/WAX655E/WBE530/USG LITE 60AX COOKIE HOST OS COMMAND INJECTION

Description The improper neutralization of special elements in the parameter “host” in the CGI program of Zyxel NWA1123ACv3 firmware version

CVE-2024-1621 : NT-WARE UNIFLOW ONLINE UP TO 2024.1.0 REGISTRATION VERIFICATION OF SOURCE

CVE-2024-1621 : NT-WARE UNIFLOW ONLINE UP TO 2024.1.0 REGISTRATION VERIFICATION OF SOURCE

Description The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when

CVE-2024-45623 : D-LINK DAP-2310 1.16RC028 ATP BINARY STACK-BASED OVERFLOW

CVE-2024-45623 : D-LINK DAP-2310 1.16RC028 ATP BINARY STACK-BASED OVERFLOW

Description D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in