Arbitrary OS Command Execution in Advantech WebAccess 8.3.0

Arbitrary OS Command Execution in Advantech WebAccess 8.3.0

CVE-2018-6911 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).

Learn more about our Web App Pen Testing.