SQL Injection Vulnerability in Advantech iView SNMP Tool
CVE-2022-50595

9.3CRITICAL

Key Information:

Vendor

Advantech
Status
Iview
Vendor
CVE Published:
6 November 2025

What is CVE-2022-50595?

The Advantech iView SNMP management tool prior to version 5.7.04 build 6425 is vulnerable to an SQL injection via the ‘ztp_search_value’ parameter in the ‘NetworkServlet’ endpoint. This vulnerability allows remote attackers to bypass authentication checks and potentially execute arbitrary code with administrator privileges. Organizations using affected iView versions should update their software to mitigate this serious security risk.

Affected Version(s)

iView 0 < 5.7.04 build 6425

References

https://www.advantech.tw/support/details/firmware?id=1-HI...
release-notespatch
https://blog.exodusintel.com/2022/03/01/advantech-iview-z...
technical-description
https://www.vulncheck.com/advisories/advantech-iview-ztps...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Exodus Intelligence
JSON
.
CVE-2022-50595 : SQL Injection Vulnerability in Advantech iView SNMP Tool