Advantech R Seenet
By the Year
In 2023 there have been 3 vulnerabilities in Advantech R Seenet with an average score of 9.2 out of ten. Last year R Seenet had 3 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.93.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 3 | 9.23 |
2022 | 3 | 8.30 |
2021 | 30 | 6.69 |
2020 | 1 | 7.50 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new R Seenet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Advantech R Seenet Security Vulnerabilities
Advantech R-SeeNet v2.4.23
CVE-2023-5642
9.8 - Critical
- October 18, 2023
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list
CVE-2023-2611
9.8 - Critical
- June 22, 2023
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Use of Hard-coded Credentials
Advantech R-SeeNet versions 2.4.22
CVE-2023-3256
8.1 - High
- June 22, 2023
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
Externally Controlled Reference to a Resource in Another Sphere
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow
CVE-2022-3385
9.8 - Critical
- October 27, 2022
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.
Memory Corruption
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow
CVE-2022-3386
9.8 - Critical
- October 27, 2022
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.
Memory Corruption
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks
CVE-2022-3387
5.3 - Medium
- October 27, 2022
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.
Directory traversal
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21925
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at firm_filter parameter.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21928
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at mac_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21924
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at desc_filter parameter.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21923
4.9 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at company_filter parameter with the administrative account or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21927
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at loc_filter parameter.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21922
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at username_filter parameter with the administrative account or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21921
4.9 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at name_filter parameter with the administrative account or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21920
4.9 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at surname_filter parameter with the administrative account or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21919
4.9 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21918
4.9 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at name_filter parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
SQL Injection
An exploitable SQL injection vulnerability exists in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021)
CVE-2021-21917
8.8 - High
- December 22, 2021
An exploitable SQL injection vulnerability exists in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'ord' parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
An exploitable SQL injection vulnerability exists in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021)
CVE-2021-21916
8.8 - High
- December 22, 2021
An exploitable SQL injection vulnerability exists in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter' parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
An exploitable SQL injection vulnerability exists in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021)
CVE-2021-21915
8.8 - High
- December 22, 2021
An exploitable SQL injection vulnerability exists in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at company_filter parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21929
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at prod_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21926
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at health_filter parameter.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21937
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at host_alt_filter parameter. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21936
8.8 - High
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at health_alt_filter parameter. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21935
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at host_alt_filter2 parameter. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21934
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at imei_filter parameter. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21933
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at esn_filter parameter. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21932
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at name_filter parameter. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21931
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at stat_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
A specially-crafted HTTP request can lead to SQL injection
CVE-2021-21930
6.5 - Medium
- December 22, 2021
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at sn_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
SQL Injection
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)
CVE-2021-21805
9.8 - Critical
- August 05, 2021
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
Shell injection
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)
CVE-2021-21799
6.1 - Medium
- July 16, 2021
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. An attacker can provide a crafted URL to trigger this vulnerability.
XSS
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)
CVE-2021-21800
6.1 - Medium
- July 16, 2021
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. An attacker can provide a crafted URL to trigger this vulnerability.
XSS
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)
CVE-2021-21804
9.8 - Critical
- July 16, 2021
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
Inclusion of Functionality from Untrusted Control Sphere
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications
CVE-2021-21801
6.1 - Medium
- July 16, 2021
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
XSS
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications
CVE-2021-21802
6.1 - Medium
- July 16, 2021
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
XSS
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications
CVE-2021-21803
6.1 - Medium
- July 16, 2021
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
XSS
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which
CVE-2020-25157
7.5 - High
- October 20, 2020
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.
SQL Injection
