CVE-2022-50595
📋 TL;DR
This vulnerability allows remote attackers to bypass authentication and perform SQL injection through the 'ztp_search_value' parameter in Advantech iView's SNMP management tool. Successful exploitation leads to remote code execution with administrator privileges. Organizations using Advantech iView versions prior to v5.7.04 build 6425 are affected.
💻 Affected Systems
- Advantech iView
📦 What is this software?
iView by Advantech
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining administrator privileges, executing arbitrary code, and potentially pivoting to other systems.
Likely Case
Data exfiltration, system manipulation, or installation of persistent backdoors on vulnerable iView instances.
If Mitigated
Limited impact if proper network segmentation and access controls prevent exploitation attempts.
🎯 Exploit Status
Exploit combines authentication bypass with SQL injection to achieve RCE. Public technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v5.7.04 build 6425 or later
Vendor Advisory: https://www.advantech.tw/support/details/firmware?id=1-HIPU-183
Restart Required: Yes
Instructions:
1. Download iView v5.7.04 build 6425 or later from Advantech support portal.
2. Backup current configuration.
3. Install the update following vendor instructions.
4. Restart the iView service.
🔧 Temporary Workarounds
Network Access Restriction
Linux: Restrict network access to iView SNMP management interface using firewall rules
iptables -A INPUT -p tcp --dport [iView-port] -s [trusted-ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [iView-port] -j DROP
Disable SNMP Management Tool
Linux: Temporarily disable the vulnerable SNMP management component if not required
systemctl stop iview-snmp
chkconfig iview-snmp off
🧯 If You Can't Patch
- Implement strict network segmentation to isolate iView systems from untrusted networks
- Deploy web application firewall (WAF) with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check iView version in web interface or configuration files. Versions below v5.7.04 build 6425 are vulnerable.
Check Version:
Check web interface or configuration files for version information
Verify Fix Applied:
Verify version is v5.7.04 build 6425 or higher and test SNMP management interface functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in iView logs
- Multiple failed authentication attempts followed by successful access
- Unexpected process execution from iView service
Network Indicators:
- HTTP requests to NetworkServlet endpoint with ztp_search_value parameter containing SQL syntax
- Outbound connections from iView system to unexpected destinations
SIEM Query:
source="iView" AND (uri="*NetworkServlet*" AND params="*ztp_search_value*" AND (params="*SELECT*" OR params="*UNION*" OR params="*INSERT*"))
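The network indicator above, as an added detection example (not vendor or project code): it scans web access log lines for NetworkServlet requests and inspects the decoded ztp_search_value, so percent-encoded or double-encoded SQL syntax that a raw wildcard match would miss is still flagged. The combined log format, the /example/ path and the sample lines are assumptions constructed for illustration; parameters sent in a POST body do not appear in access logs and need request-body logging or WAF logs instead.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# SQL syntax to flag: keywords from the SIEM query above plus quotes, comments, stacking.
SQL_RE = re.compile(r"\b(select|union|insert)\b|'|--|;|/\*", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so %2527-style values are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ztp_values(log_line):
    """Return decoded ztp_search_value values in this line that contain SQL syntax."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if "networkservlet" not in parts.path.lower():
        return []
    hits = []
    # parse_qs performs the first round of URL-decoding on each value.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() != "ztp_search_value":
            continue
        hits += [d for d in map(fully_decode, values) if SQL_RE.search(d)]
    return hits

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    return [(i, hit) for i, line in enumerate(lines, 1)
            for hit in suspicious_ztp_values(line)]

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /example/NetworkServlet?ztp_search_value=selection-a HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /example/NetworkServlet?ztp_search_value=a%27%20%55NION%20%53ELECT%201 HTTP/1.1" 200 97',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /example/NetworkServlet?ztp_search_value=a%2527%2520union%2520select%25201 HTTP/1.1" 200 97',
    '10.0.0.7 - - [01/Jan/2024:10:00:12 +0000] "GET /example/OtherServlet?ztp_search_value=select HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious ztp_search_value = {value!r}")
```
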