Security News > 2021 > July > Cisco Discloses Details of Critical Advantech Router Tool Vulnerabilities
Cisco's Talos threat intelligence and research unit has disclosed the details of several critical vulnerabilities affecting a router monitoring application made by Taiwan-based industrial and IoT solutions provider Advantech.
The affected tool is R-SeeNet, which is designed to help network administrators monitor their Advantech routers.
Talos researchers discovered that R-SeeNet is affected by seven vulnerabilities, a majority of which have been assigned a critical severity rating.
An attacker can exploit the vulnerabilities to execute arbitrary JavaScript code in the targeted user's browser by getting them to click on a malicious link, execute arbitrary OS commands using specially crafted HTTP requests, or execute PHP commands via malicious HTTP requests.
The vulnerabilities have been found in R-SeeNet version 2.4.12 and were reported to Advantech in March.
Many of the vulnerabilities identified in Advantech products are reported to the vendor through Trend Micro's Zero Day Initiative.
News URL
Related news
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
- Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)