Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58423 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-21 | N/A | 8.8 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. | |||||
| CVE-2025-64302 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 6.4 MEDIUM |
| Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation. | |||||
| CVE-2025-62630 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 8.8 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | |||||
| CVE-2025-59171 | 1 Advantech | 1 Deviceon\/iedge | 2025-11-19 | N/A | 7.5 HIGH |
| Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | |||||
| CVE-2021-40389 | 1 Advantech | 1 Deviceon\/iedge | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||