Sign-up

ID

VAR-202004-0077


CVE

CVE-2020-10617


TITLE

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

Trust: 10.5

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-424 // ZDI: ZDI-20-434 // ZDI: ZDI-20-437 // ZDI: ZDI-20-430 // ZDI: ZDI-20-404 // ZDI: ZDI-20-435 // ZDI: ZDI-20-407 // ZDI: ZDI-20-417 // ZDI: ZDI-20-441

DESCRIPTION

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the getManagedDeviceByIP method of the DBUtil class. When parsing the deviceIP parameter of the upgBkpResults endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech WebAccess/NMS is a set of Web browser-based Network Management System (NMS) software package developed by China Taiwan Advantech Corporation. There is a SQL injection vulnerability in Advantech WebAccess/NMS versions earlier than 3.0.2

Trust: 12.33

sources: NVD: CVE-2020-10617 // ZDI: ZDI-20-374 // ZDI: ZDI-20-441 // ZDI: ZDI-20-417 // ZDI: ZDI-20-411 // ZDI: ZDI-20-407 // ZDI: ZDI-20-435 // ZDI: ZDI-20-404 // ZDI: ZDI-20-430 // ZDI: ZDI-20-438 // ZDI: ZDI-20-434 // ZDI: ZDI-20-424 // ZDI: ZDI-20-432 // ZDI: ZDI-20-396 // ZDI: ZDI-20-416 // ZDI: ZDI-20-395 // ZDI: ZDI-20-439 // ZDI: ZDI-20-412 // ZDI: ZDI-20-437 // VULHUB: VHN-163113

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess/nmsscope: - version: -

Trust: 12.6

vendor:advantechmodel:webaccess\/nmsscope:ltversion:3.0.2

Trust: 1.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-424 // ZDI: ZDI-20-434 // ZDI: ZDI-20-437 // ZDI: ZDI-20-430 // ZDI: ZDI-20-404 // ZDI: ZDI-20-435 // ZDI: ZDI-20-407 // ZDI: ZDI-20-411 // ZDI: ZDI-20-417 // ZDI: ZDI-20-441 // NVD: CVE-2020-10617

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-10617
value: HIGH

Trust: 12.6

nvd@nist.gov: CVE-2020-10617
value: HIGH

Trust: 1.0

VULHUB: VHN-163113
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-10617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-163113
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-10617
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 12.6

nvd@nist.gov: CVE-2020-10617
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-424 // ZDI: ZDI-20-434 // ZDI: ZDI-20-437 // ZDI: ZDI-20-430 // ZDI: ZDI-20-404 // ZDI: ZDI-20-435 // ZDI: ZDI-20-407 // ZDI: ZDI-20-411 // ZDI: ZDI-20-417 // ZDI: ZDI-20-441 // VULHUB: VHN-163113 // NVD: CVE-2020-10617

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

sources: VULHUB: VHN-163113 // NVD: CVE-2020-10617

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 12.6

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-424 // ZDI: ZDI-20-434 // ZDI: ZDI-20-437 // ZDI: ZDI-20-430 // ZDI: ZDI-20-404 // ZDI: ZDI-20-435 // ZDI: ZDI-20-407 // ZDI: ZDI-20-411 // ZDI: ZDI-20-417 // ZDI: ZDI-20-441

EXTERNAL IDS

db:NVDid:CVE-2020-10617

Trust: 13.7

db:ICS CERTid:ICSA-20-098-01

Trust: 1.1

db:ZDI_CANid:ZDI-CAN-9820

Trust: 0.7

db:ZDIid:ZDI-20-438

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9567

Trust: 0.7

db:ZDIid:ZDI-20-374

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9765

Trust: 0.7

db:ZDIid:ZDI-20-412

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9821

Trust: 0.7

db:ZDIid:ZDI-20-439

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9589

Trust: 0.7

db:ZDIid:ZDI-20-395

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9776

Trust: 0.7

db:ZDIid:ZDI-20-416

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9601

Trust: 0.7

db:ZDIid:ZDI-20-396

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9814

Trust: 0.7

db:ZDIid:ZDI-20-432

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9803

Trust: 0.7

db:ZDIid:ZDI-20-424

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9816

Trust: 0.7

db:ZDIid:ZDI-20-434

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9819

Trust: 0.7

db:ZDIid:ZDI-20-437

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9812

Trust: 0.7

db:ZDIid:ZDI-20-430

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9629

Trust: 0.7

db:ZDIid:ZDI-20-404

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9817

Trust: 0.7

db:ZDIid:ZDI-20-435

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9699

Trust: 0.7

db:ZDIid:ZDI-20-407

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9760

Trust: 0.7

db:ZDIid:ZDI-20-411

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9777

Trust: 0.7

db:ZDIid:ZDI-20-417

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9823

Trust: 0.7

db:ZDIid:ZDI-20-441

Trust: 0.7

db:CNVDid:CNVD-2020-22316

Trust: 0.1

db:CNNVDid:CNNVD-202004-397

Trust: 0.1

db:VULHUBid:VHN-163113

Trust: 0.1

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-424 // ZDI: ZDI-20-434 // ZDI: ZDI-20-437 // ZDI: ZDI-20-430 // ZDI: ZDI-20-404 // ZDI: ZDI-20-435 // ZDI: ZDI-20-407 // ZDI: ZDI-20-411 // ZDI: ZDI-20-417 // ZDI: ZDI-20-441 // VULHUB: VHN-163113 // NVD: CVE-2020-10617

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 13.7

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-424 // ZDI: ZDI-20-434 // ZDI: ZDI-20-437 // ZDI: ZDI-20-430 // ZDI: ZDI-20-404 // ZDI: ZDI-20-435 // ZDI: ZDI-20-407 // ZDI: ZDI-20-411 // ZDI: ZDI-20-417 // ZDI: ZDI-20-441 // VULHUB: VHN-163113 // NVD: CVE-2020-10617

CREDITS

rgod of 9sg

Trust: 11.9

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-432 // ZDI: ZDI-20-424 // ZDI: ZDI-20-434 // ZDI: ZDI-20-437 // ZDI: ZDI-20-430 // ZDI: ZDI-20-404 // ZDI: ZDI-20-435 // ZDI: ZDI-20-407 // ZDI: ZDI-20-417 // ZDI: ZDI-20-441

SOURCES

db:ZDIid:ZDI-20-438
db:ZDIid:ZDI-20-374
db:ZDIid:ZDI-20-412
db:ZDIid:ZDI-20-439
db:ZDIid:ZDI-20-395
db:ZDIid:ZDI-20-416
db:ZDIid:ZDI-20-396
db:ZDIid:ZDI-20-432
db:ZDIid:ZDI-20-424
db:ZDIid:ZDI-20-434
db:ZDIid:ZDI-20-437
db:ZDIid:ZDI-20-430
db:ZDIid:ZDI-20-404
db:ZDIid:ZDI-20-435
db:ZDIid:ZDI-20-407
db:ZDIid:ZDI-20-411
db:ZDIid:ZDI-20-417
db:ZDIid:ZDI-20-441
db:VULHUBid:VHN-163113
db:NVDid:CVE-2020-10617

LAST UPDATE DATE

2026-02-08T23:11:06.091000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-438date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-374date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-412date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-439date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-395date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-416date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-396date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-432date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-424date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-434date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-437date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-430date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-404date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-435date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-407date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-411date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-417date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-441date:2020-04-08T00:00:00
db:VULHUBid:VHN-163113date:2020-04-09T00:00:00
db:NVDid:CVE-2020-10617date:2024-11-21T04:55:42.477

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-438date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-374date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-412date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-439date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-395date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-416date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-396date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-432date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-424date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-434date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-437date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-430date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-404date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-435date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-407date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-411date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-417date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-441date:2020-04-08T00:00:00
db:VULHUBid:VHN-163113date:2020-04-09T00:00:00
db:NVDid:CVE-2020-10617date:2020-04-09T14:15:12.510