Main Vulnerability Database Exploits ID:5979 - Exploit for Path traversal in Advantech WebAccess - CVE-2018-15705

ID:5979 - Exploit for Path traversal in Advantech WebAccess - CVE-2018-15705

Published: June 17, 2021

Vulnerability identifier: #VU15805

Vulnerability risk: Medium

CVE-ID: CVE-2018-15705

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Advantech WebAccess

Link to public exploit:

https://www.exploit-db.com/exploits/45774/

Vulnerability description

The vulnerability allows a remote attacker to overwrite arbitrary file on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences in WADashboard API. A remote authenticated attacker can send a specially crafted HTTP request to the writeFile API and overwrite arbitrary files on the system.

Remediation

Install updates from vendor's website.

ID:5979 - Exploit for Path traversal in Advantech WebAccess - CVE-2018-15705

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human