HTTP: Advantech WebAccess Dashboard uploadFile Arbitrary File Upload
This signature detects attempts to exploit a known vulnerability against Dashboard component of Advantech WebAccess. Successful exploitation could allow the attacker to execute arbitrary code.
Extended Description
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Affected Products
Advantech webaccess
Short Name
HTTP:STC:ADVANTECH-WEBACCESS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Advantech Arbitrary CVE-2016-0854 Dashboard File Upload WebAccess uploadFile
Release Date
04/12/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3377
False Positive
Unknown
Vendors
Advantech
CVSS Score
10.0