CVE-2022-2143

CRITICAL

Advantech iView < 5.7.04.6469 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-2143. PoCs published by rgod, y4er, Shelby Pace, including Metasploit module exploits/windows/http/advantech_iview_networkservlet_cmd_inject.

AI-analyzed exploit summary: This Metasploit module exploits an unauthenticated command injection vulnerability in Advantech iView's NetworkServlet endpoint via the `backup_file` parameter in `mysqldump` commands. It achieves RCE as NT AUTHORITY\SYSTEM by writing a malicious JSP file to the target system.

Description

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

Exploits (1)

metasploit WORKING POC EXCELLENT
by rgod, y4er, Shelby Pace · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/advantech_iview_networkservlet_cmd_inject.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Advantech iView < 5.7.04.6469
No auth needed
Prerequisites: Network access to the target's iView interface (port 8080 by default) · Target running vulnerable version of Advantech iView
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03

Scores

CVSS v3 9.8
EPSS 0.5918
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-77
Status published
Products (1)
advantech/iview < 5.7.04.6469
Published Jul 22, 2022
Tracked Since Feb 18, 2026