Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

Published

2025-11-06T20:15:37.373

Last Modified

2025-11-24T18:54:19.717

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-89
CWE-306
Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	advantech	iview	< 5.7.04.6425	Yes

References

https://blog.exodusintel.com/2022/03/01/advantech-iview-getinventoryreportdata-parameter-sql-injection-information-disclosure/ Third Party Advisory ([email protected])
https://www.advantech.tw/support/details/firmware?id=1-HIPU-183 Vendor Advisory ([email protected])
https://www.vulncheck.com/advisories/advantech-iview-getinventoryreportdata-parameter-sqli-rce Third Party Advisory ([email protected])