Severity
High
Analysis summary
CVE-2019-13551
Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
CVE-2019-13547
There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
CVE-2019-18227
XXE vulnerabilities exist that may allow disclosure of sensitive data.
CVE-2019-18229
Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
Impact
- Path Traversal
- Missing Authorization
- Improper Restriction of XML External Entity Reference
- SQL Injection
Affected Vendors
Advantech
Affected Products
WISE-PaaS/RMM
Remediation
Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn.