Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 15, 2025

Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure

CVE-2022-50591

Description

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.

Affected products

Advantech/iViewllm-fuzzy
Range: <5.7.04 build 6425
Advantech/iViewv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.advantech.tw/support/details/firmwaremitrerelease-notespatch
www.vulncheck.com/advisories/advantech-iview-ztpconfigid-parameter-sqli-information-disclosuremitrethird-party-advisory
blog.exodusintel.com/2022/03/01/advantech-iview-ztp_config_id-parameter-sql-injection-information-disclosure-vulnerability/mitretechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000