CVE-2021-21804

8.1HIGH

Key Information

Vendor: Advantech
Status: Advantech
Vendor: CVE Published:; 16 July 2021

Summary

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.

Affected Version(s)

Advantech = Advantech R-SeeNet 2.4.12 (20.10.2020)

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 8.1 - (HIGH)
Feb 22, 2024
Vulnerability published.
Jul 16, 2021
Vulnerability Reserved.
Jan 4, 2021

Collectors

NVD DatabaseMitre Database