An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
Se ha descubierto un problema de desreferencia de puntero no fiable en Advantech WebAccess en versiones anteriores a la 8.3. Hay múltiples vulnerabilidades que podrían permitir que un atacante haga que el programa emplee una dirección de memoria no válida, lo que resulta en un cierre inesperado del programa.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the command line in the cnvlgxtag utility. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this functionality to execute code under the context of Administrator.
