CVE-2022-50591

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to bypass authentication and execute SQL injection attacks on Advantech iView systems. Attackers can exfiltrate user data including clear text passwords. Organizations using Advantech iView versions before v5.7.04 build 6425 are affected.

💻 Affected Systems

Products:
  • Advantech iView
Versions: All versions prior to v5.7.04 build 6425
Operating Systems: Not specified - likely various Windows and Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SNMP management tool component of iView. The vulnerability exists in the NetworkServlet endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the iView system with exfiltration of all user credentials and sensitive data, potentially leading to lateral movement within the network.

🟠 Likely Case

Exfiltration of user credentials and sensitive configuration data from the iView database.

🟢 If Mitigated

Limited impact if system is isolated behind firewalls with strict network controls and monitoring.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing systems immediate targets.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated attackers to compromise the system and potentially move laterally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability combines authentication bypass with SQL injection, making exploitation straightforward. Public technical details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.7.04 build 6425

Vendor Advisory: https://www.advantech.tw/support/details/firmware?id=1-HIPU-183

Restart Required: Yes

Instructions:

1. Download the patched version v5.7.04 build 6425 from the Advantech support portal.
2. Back up the current configuration and data.
3. Install the update following vendor instructions.
4. Restart the iView service or system.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate iView systems from untrusted networks and restrict access to only necessary IP addresses.

Disable SNMP Management Tool (all platforms)

Temporarily disable the vulnerable SNMP management tool component if not required.

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to iView systems only from trusted management networks.
  • Deploy web application firewall (WAF) rules to block SQL injection patterns targeting the NetworkServlet endpoint.

🔍 How to Verify

Check if Vulnerable:

Check iView version in the web interface or configuration files. Versions before v5.7.04 build 6425 are vulnerable.

Check Version:

Check the iView web interface under System Information or examine configuration files for version details.

Verify Fix Applied:

Verify the version shows v5.7.04 build 6425 or later in the iView interface or configuration.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed authentication attempts followed by successful access
  • Requests to NetworkServlet endpoint with suspicious parameters

Network Indicators:

  • HTTP requests to /NetworkServlet with SQL injection patterns in parameters
  • Unusual outbound database connections from iView system

SIEM Query:

source="iView_logs" AND (uri="/NetworkServlet" AND (param="ztp_config_id" AND value MATCH "[';]"))
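
The same check applied to web access logs, as an added example that is not part of the advisory or vendor material. It assumes combined-format access log lines and that `ztp_config_id` arrives in the query string; `flag_line` and `scan` are hypothetical names, and the sample lines are constructed. Unlike the literal character match above, it decodes percent-encoding first, so `%27` and double-encoded `%253B` are also caught.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Same character class as the SIEM query above: a single quote or a semicolon.
SUSPICIOUS = re.compile(r"[';]")
# Assumed log format: combined access log (client IP first, quoted request line, status).
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%2527 -> %27 -> ') so encoded quotes still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return (source, status, decoded value) for a suspicious request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Match on the servlet name only; the deployment's context path is not assumed.
    if not url.path.rstrip("/").endswith("/NetworkServlet"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)
        if name == "ztp_config_id" and SUSPICIOUS.search(value):
            return m["src"], int(m["status"]), value
    return None

def scan(lines):
    """Return every flagged request found in an iterable of log lines."""
    return [hit for hit in map(flag_line, lines) if hit]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /NetworkServlet?ztp_config_id=12 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /NetworkServlet?ztp_config_id=12%27 HTTP/1.1" 200 90',
    '192.0.2.77 - - [01/Jan/2024:10:00:06 +0000] "GET /NetworkServlet?ztp_config_id=12%253B HTTP/1.1" 500 0',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?ztp_config_id=%27 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, status, value in scan(SAMPLE_LOG):
        print(f"ALERT src={src} status={status} ztp_config_id={value!r}")
```

Access logs normally record only the query string, so parameters sent in a POST body need application or WAF logging to be visible to this check.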
