Webaccess/Vpn
Approved changes feed: RSS · Atom
cpe:2.3:a:advantech:webaccess/vpn:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Advantech (fedf766b-bee1-5692-bcc7-1aa8d9dc594c) |
|---|---|
| Product | Webaccess/Vpn (9f42e7eb-c7c0-5a40-9ccd-9c2e6b50e66b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-34247 |
vulnerable | 2026-06-03 15:00:44.303701 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:49:37.330Z
Updated: 2025-11-17T19:38:11.514Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34246 |
vulnerable | 2026-06-03 15:00:44.303374 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:49:01.611Z
Updated: 2025-11-17T19:38:11.350Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34245 |
vulnerable | 2026-06-03 15:00:44.302950 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:48:21.189Z
Updated: 2025-11-17T19:38:11.183Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34244 |
vulnerable | 2026-06-03 15:00:44.302505 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:47:41.796Z
Updated: 2025-11-17T19:38:11.026Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34243 |
vulnerable | 2026-06-03 15:00:44.302173 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxNetworkFwRulesAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:47:04.733Z
Updated: 2025-11-17T19:38:10.859Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34242 |
vulnerable | 2026-06-03 15:00:44.301842 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:46:20.183Z
Updated: 2025-11-17T19:38:10.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34241 |
vulnerable | 2026-06-03 15:00:44.301393 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxDeviceController.ajaxDeviceAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:45:39.944Z
Updated: 2025-11-17T19:38:10.537Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34240 |
vulnerable | 2026-06-03 15:00:44.301064 |
Advantech WebAccess/VPN < 1.1.5 SQL Injection via AppManagementController.appUpgradeAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
Published: 2025-11-06T19:45:02.692Z
Updated: 2025-11-17T19:38:10.379Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34239 |
vulnerable | 2026-06-03 15:00:44.300638 |
Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.
Published: 2025-11-06T19:44:18.796Z
Updated: 2025-11-17T19:38:10.205Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34238 |
vulnerable | 2026-06-03 15:00:44.300288 |
Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web user (www-data) can access.
Published: 2025-11-06T19:43:35.153Z
Updated: 2025-11-17T19:38:10.021Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34237 |
vulnerable | 2026-06-03 15:00:44.299820 |
Advantech WebAccess/VPN < 1.1.5 Stored XSS via StandaloneVpnClientsController.addStandaloneVpnClientAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published: 2025-11-06T19:40:50.496Z
Updated: 2025-11-17T19:38:09.854Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-34236 |
vulnerable | 2026-06-03 15:00:44.298040 |
Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published: 2025-11-06T19:39:40.112Z
Updated: 2025-11-17T19:38:09.659Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.