CVE-2022-50591
Published: 06 November 2025
Summary
CVE-2022-50591 is a critical-severity SQL Injection (CWE-89) vulnerability in Advantech Iview. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Information Input Validation directly prevents SQL injection attacks by ensuring the 'ztp_config_id' parameter in NetworkServlet rejects malicious payloads.
Permitted Actions Without Identification or Authentication ensures no critical functions like the SNMP tool bypass to NetworkServlet are allowed without proper authentication.
Flaw Remediation mandates timely patching of the vulnerability as recommended by Advantech, preventing exploitation in affected iView versions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables unauthenticated remote exploitation of a public-facing web application (NetworkServlet) via SNMP tool bypass (T1190) and SQL injection for database data exfiltration including cleartext passwords (T1213.006).
NVD Description
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful…
more
exploitation allows for the exfiltration of user data, included clear text passwords.
Deeper analysisAI
CVE-2022-50591 is a critical vulnerability in Advantech iView versions prior to v5.7.04 build 6425. It exists within the SNMP management tool, where attackers can bypass authentication checks to access a SQL injection flaw in the ‘ztp_config_id’ parameter of the ‘NetworkServlet’ endpoint. The issue, linked to CWE-89 (SQL Injection) and CWE-306 (Missing Authentication for Critical Function), carries a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction. By leveraging the SNMP tool to evade checks and injecting malicious payloads into the vulnerable parameter, they achieve high-impact confidentiality, integrity, and availability effects, primarily through exfiltration of user data including cleartext passwords.
Advantech recommends upgrading to iView v5.7.04 build 6425 or later to mitigate the vulnerability, as detailed in their firmware support advisory. Additional technical analysis and exploitation details are provided in advisories from Exodus Intelligence and VulnCheck.
Details
- CWE(s)