CVE-2017-16720

CRITICAL

Advantech WebAccess <= 8.3.2 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-16720. PoCs published by Chris Lyne, CN016.

AI-analyzed exploit summary This exploit leverages a directory traversal vulnerability in Advantech WebAccess via DCE/RPC to execute arbitrary commands (e.g., calc.exe) on the target system. It binds to a specific interface and sends crafted RPC calls to trigger the vulnerability.

Description

A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Chris Lyne · pythonwebappswindows
https://www.exploit-db.com/exploits/44278

This exploit leverages a directory traversal vulnerability in Advantech WebAccess via DCE/RPC to execute arbitrary commands (e.g., calc.exe) on the target system. It binds to a specific interface and sends crafted RPC calls to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Advantech WebAccess < 8.3
No auth needed
Prerequisites: Network access to port 4592 · Target running vulnerable version of Advantech WebAccess
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by CN016 · poc
https://github.com/CN016/WebAccess-CVE-2017-16720-

This Python script exploits CVE-2017-16720, a vulnerability in Advantech WebAccess, by sending crafted DCERPC requests to execute arbitrary commands (e.g., launching calc.exe). It leverages the impacket library for DCERPC communication.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Advantech WebAccess (version not specified)
No auth needed
Prerequisites: Network access to target on port 4592 · Python 2.7 with impacket library
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44278/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102424
Broken Link, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2018-23

Scores

CVSS v3 9.8
EPSS 0.5031
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
advantech/webaccess < 8.3.2
Published Jan 05, 2018
Tracked Since Feb 18, 2026