CVE-2022-2143
CRITICALProduct <Version> - Command Injection
Title source: llmDescription
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by rgod, y4er, Shelby Pace · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/advantech_iview_networkservlet_cmd_inject.rb
Scores
CVSS v3
9.8
EPSS
0.5831
EPSS Percentile
98.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
advantech/iview
< 5.7.04.6469
Published
Jul 22, 2022
Tracked Since
Feb 18, 2026