Advantech Webaccessvpn

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Advantech Webaccessvpn.

By the Year

In 2026 there have been 0 vulnerabilities in Advantech Webaccessvpn. Last year, in 2025 Webaccessvpn had 12 security vulnerabilities published. Right now, Webaccessvpn is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	12	0.00

It may take a day or so for new Webaccessvpn vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Advantech Webaccessvpn Security Vulnerabilities

Advantech WebAccess VPN 1.1.5 SQLi via NetworksController.addNetworkAction()
CVE-2025-34247 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

Advantech WebAccess/VPN <1.1.5: SQLi via AjaxPrevalidationController
CVE-2025-34246 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

Advantech WebAccess/VPN SQLi prior to 1.1.5 via AjaxStandaloneVpnClientsController
CVE-2025-34245 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

SQLi in Advantech WebAccess/VPN <1.1.5 via AjaxFwRulesController
CVE-2025-34244 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

SQLi in Advantech WebAccess/VPN <1.1.5 via AjaxFwRulesController
CVE-2025-34243 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

Advantech WebAccess/VPN <=1.1.4: Auth observer SQLi via AjaxNetworkController
CVE-2025-34242 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

Advantech WebAccess/VPN <=1.1.4: SQLi in AjaxDeviceController
CVE-2025-34241 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

SQLi via AuthObs in Advantech WebAcc/VPN <1.1.5 AppMgmtCtrl.appUpgradeAction()
CVE-2025-34240 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

SQL Injection

Advantech WebAccess/VPN <1.1.5: Auth Cmd Injection via AppMgmtCtrl
CVE-2025-34239 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.

Shell injection

Advantech WebAccess/VPN <1.1.5: Authenticated Path Traversal Exploit
CVE-2025-34238 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web user (www-data) can access.

Directory traversal

Advantech WebAccess/VPN <1.1.5 XSS via addStandaloneVpnClientAction()
CVE-2025-34237 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

XSS

Advantech WebAccess/VPN <1.1.5 XSS via NetworksController.addNetworkAction()
CVE-2025-34236 - November 06, 2025

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Advantech Webaccessvpn or by Advantech? Click the Watch button to subscribe.

Advantech
Vendor

Advantech Webaccessvpn
Product

Advantech Webaccessvpn

Don't miss out!

By the Year

Recent Advantech Webaccessvpn Security Vulnerabilities

Advantech WebAccess VPN 1.1.5 SQLi via NetworksController.addNetworkAction() CVE-2025-34247 - November 06, 2025

Advantech WebAccess/VPN <1.1.5: SQLi via AjaxPrevalidationController CVE-2025-34246 - November 06, 2025

Advantech WebAccess/VPN SQLi prior to 1.1.5 via AjaxStandaloneVpnClientsController CVE-2025-34245 - November 06, 2025

SQLi in Advantech WebAccess/VPN <1.1.5 via AjaxFwRulesController CVE-2025-34244 - November 06, 2025

SQLi in Advantech WebAccess/VPN <1.1.5 via AjaxFwRulesController CVE-2025-34243 - November 06, 2025

Advantech WebAccess/VPN <=1.1.4: Auth observer SQLi via AjaxNetworkController CVE-2025-34242 - November 06, 2025

Advantech WebAccess/VPN <=1.1.4: SQLi in AjaxDeviceController CVE-2025-34241 - November 06, 2025

SQLi via AuthObs in Advantech WebAcc/VPN <1.1.5 AppMgmtCtrl.appUpgradeAction() CVE-2025-34240 - November 06, 2025

Advantech WebAccess/VPN <1.1.5: Auth Cmd Injection via AppMgmtCtrl CVE-2025-34239 - November 06, 2025

Advantech WebAccess/VPN <1.1.5: Authenticated Path Traversal Exploit CVE-2025-34238 - November 06, 2025

Advantech WebAccess/VPN <1.1.5 XSS via addStandaloneVpnClientAction() CVE-2025-34237 - November 06, 2025

Advantech WebAccess/VPN <1.1.5 XSS via NetworksController.addNetworkAction() CVE-2025-34236 - November 06, 2025

Stay on top of Security Vulnerabilities

Advantech Vendor

Advantech WebaccessvpnProduct

Advantech WebAccess VPN 1.1.5 SQLi via NetworksController.addNetworkAction()
CVE-2025-34247 - November 06, 2025

Advantech WebAccess/VPN <1.1.5: SQLi via AjaxPrevalidationController
CVE-2025-34246 - November 06, 2025

Advantech WebAccess/VPN SQLi prior to 1.1.5 via AjaxStandaloneVpnClientsController
CVE-2025-34245 - November 06, 2025

SQLi in Advantech WebAccess/VPN <1.1.5 via AjaxFwRulesController
CVE-2025-34244 - November 06, 2025

SQLi in Advantech WebAccess/VPN <1.1.5 via AjaxFwRulesController
CVE-2025-34243 - November 06, 2025

Advantech WebAccess/VPN <=1.1.4: Auth observer SQLi via AjaxNetworkController
CVE-2025-34242 - November 06, 2025

Advantech WebAccess/VPN <=1.1.4: SQLi in AjaxDeviceController
CVE-2025-34241 - November 06, 2025

SQLi via AuthObs in Advantech WebAcc/VPN <1.1.5 AppMgmtCtrl.appUpgradeAction()
CVE-2025-34240 - November 06, 2025

Advantech WebAccess/VPN <1.1.5: Auth Cmd Injection via AppMgmtCtrl
CVE-2025-34239 - November 06, 2025

Advantech WebAccess/VPN <1.1.5: Authenticated Path Traversal Exploit
CVE-2025-34238 - November 06, 2025

Advantech WebAccess/VPN <1.1.5 XSS via addStandaloneVpnClientAction()
CVE-2025-34237 - November 06, 2025

Advantech WebAccess/VPN <1.1.5 XSS via NetworksController.addNetworkAction()
CVE-2025-34236 - November 06, 2025

Advantech
Vendor

Advantech Webaccessvpn
Product