CVE-2017-5154

CRITICAL

Advantech WebAccess 8.1 Post Authentication Credential Collector

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5154. PoCs published by h00die, sinn3r, including Metasploit module auxiliary/gather/advantech_webaccess_creds.

AI-analyzed exploit summary: This Metasploit module exploits an information disclosure vulnerability in Advantech WebAccess 8.1 to collect credentials post-authentication. It logs in, enumerates users, and retrieves their passwords via unauthenticated access to administrative pages.

Description

An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. A successful attack could result in administrative access to the application and its data files.

Exploits (1)

metasploit · WORKING POC
by h00die, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/advantech_webaccess_creds.rb


Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Advantech WebAccess 8.1
Auth required
Prerequisites: Valid credentials for initial login · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95410
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2017-04

Scores

CVSS v3: 9.8
EPSS: 0.0440
EPSS Percentile: 90.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (2)
advantech/webaccess 8.1
n/a/Advantech WebAccess 8.1 Advantech WebAccess 8.1
Published: Feb 13, 2017
Tracked Since: Feb 18, 2026