CVE-2021-21804
CVE-2021-21804
In short
A vulnerability in Advantech R-SeeNet allows attackers to include and execute arbitrary PHP code by sending specially crafted requests to the options.php file. This can give attackers full control over the affected system.
Technical detail
Local file inclusion (LFI) vulnerability in options.php of Advantech R-SeeNet v2.4.12 enables arbitrary PHP code execution through crafted HTTP requests. The attack requires network access to the vulnerable endpoint and results in remote code execution with the privileges of the web server process.
Summary generated and translated by AI from the official description.
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · AdvantechWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →