SQL Injection Vulnerability in Advantech iView SNMP Management Tool
CVE-2022-50592

9.3CRITICAL

Key Information:

Vendor

Advantech
Status
Iview
Vendor
CVE Published:
6 November 2025

What is CVE-2022-50592?

Advantech iView versions prior to v5.7.04 build 6425 are susceptible to an authentication bypass within the SNMP management tool. This vulnerability allows remote attackers to exploit the 'getInventoryReportData' parameter in the 'NetworkServlet' endpoint, potentially leading to SQL injection. Successful exploitation can result in remote code execution with administrator privileges, granting attackers significant control of the affected system.

Affected Version(s)

iView 0 < 5.7.04 build 6425

References

https://www.advantech.tw/support/details/firmware?id=1-HI...
release-notespatch
https://blog.exodusintel.com/2022/03/01/advantech-iview-g...
technical-description
https://www.vulncheck.com/advisories/advantech-iview-geti...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Exodus Intelligence
JSON
.
CVE-2022-50592 : SQL Injection Vulnerability in Advantech iView SNMP Management Tool