CVE-2018-15705

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
31/10/2018
Last modified:
12/12/2018

Description

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:advantech:webaccess:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:advantech:webaccess:8.3.2:*:*:*:*:*:*:*