High
CVE-2020-12022
An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
CVE-2020-12010
Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.
CVE-2020-12006
Multiple relative path traversal vulnerabilities exist that may allow an attacker to overwrite files outside the application’s control.
CVE-2020-12026
Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
CVE-2020-12014
Input is not properly sanitized and may allow an attacker to inject SQL commands.
CVE-2020-12002
Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
CVE-2020-12018
An out-of-bounds vulnerability exists that may allow access to unauthorized data.
Advantech
For users currently using WebAccessNode Version 8.4.4 update to version :
For users currently using WebAccessNode Version 9.0.0 update to version :