Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. The flaws reside in several scripts inside of R-SeeNets web applications. An attacker could exploit the flaws execute arbitrary JavaScript code in the targeted user browser, execute arbitrary OS commands, and execute PHP commands, reads the advisory published by Talos researchers. The experts decided to publicly disclose the vulnerabilities after Advantec failed to address them within the 90-day deadline.”]
Source: https://securityaffairs.co/wordpress/120307/iot/advantech-router-monitoring-tool-flaws.html