Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
XXE vulnerabilities exist that may allow disclosure of sensitive data.
Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn.