all InfoSec news
Advantech R-SeeNet snmpmon.ini Unauthenticated Read Write
Tenable Research Advisories www.tenable.com
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. This information includes database login credentials and a default SNMP community string.
The attacker can leverage this issue to launch further attacks. For example, the attacker can login to the product database, create an application-level SuperAdmin user and login to the product web UI as a SuperAdmin user.
Proof of Concept
# Get …
advantech attacker attacks community credentials database default file information issue login login credentials sensitive sensitive information snmp unauthenticated