Intrusion Prevention



This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in Advantech WebAccess/NMS.
The vulnerability is due to insufficient input validation on file paths in the SupportDeviceaddAction servlet. Unauthenticated remote attackers could exploit this vulnerability by uploading specially crafted executable files to the server. This can lead to arbitrary code execution with SYSTEM privileges.

Affected Products

Advantech WebAccess/NMS prior to 3.0.2


System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References