Advantech iView <5.7.04 SQL injection via SNMP
CVE-2022-50591 Published on November 6, 2025
Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ztp_config_id parameter to the NetworkServlet endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.
Timeline
Exodus Intelligence publicly discloses technical details of vulnerability.
Advantech releases patched version - 5.7.04 build 6425.
Weakness Types
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2022-50591 has been classified to as a SQL Injection vulnerability or weakness.
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2022-50591
Want to know whenever a new CVE is published for Advantech Iview? stack.watch will email you.
Affected Versions
Advantech iView:- Before 5.7.04 build 6425 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.