CVE-2018-15705

moderate-risk

Published 2018-10-31

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

Do I need to act?

6.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45774

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (2)

Webaccess

Affected Vendors

Advantech

References (4)

Exploit https://www.exploit-db.com/exploits/45774/

Exploit https://www.tenable.com/security/research/tra-2018-35

Exploit https://www.exploit-db.com/exploits/45774/

Exploit https://www.tenable.com/security/research/tra-2018-35

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 9/34 · Low

Exposure 7/34 · Low