Advantech iView before v5.7.04: SNMP Auth Bypass + SQLi RCE
CVE-2022-50592 Published on November 6, 2025
Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the getInventoryReportData parameter to the NetworkServlet endpoint. Successful exploitation allows for remote code execution with administrator privileges.
Timeline
Exodus Intelligence publicly discloses technical details of vulnerability.
Advantech releases patched version - 5.7.04 build 6425.
Weakness Types
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2022-50592 has been classified to as a SQL Injection vulnerability or weakness.
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2022-50592
Want to know whenever a new CVE is published for Advantech Iview? stack.watch will email you.
Affected Versions
Advantech iView:- Before 5.7.04 build 6425 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.