Advantech R-SeeNet snmpmon.ini Unauthenticated Read Write | allinfosecnews.com

Oct. 18, 2023, 2:53 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Advantech R-SeeNet snmpmon.ini Unauthenticated Read Write

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. This information includes database login credentials and a default SNMP community string.

The attacker can leverage this issue to launch further attacks. For example, the attacker can login to the product database, create an application-level SuperAdmin user and login to the product web UI as a SuperAdmin user.

Proof of Concept


# Get …

advantech attacker attacks community credentials database default file information issue login login credentials sensitive sensitive information snmp unauthenticated

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 2 weeks ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 2 weeks ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 weeks, 2 days ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 4 weeks ago | www.tenable.com

application attachment cookie date +14

LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com

assistant led vulnerabilities

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com

arcserve data data protection protection +1

Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com

analytics azure azure synapse caching +8

Showdownjs Denial of Service 2 months ago | www.tenable.com

can command concept conditions +17

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com

accesstoken admin adobe authentication +9

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote

View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US

View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA

View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco

View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com