MUST READ

Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT

 | 

Jaguar Land Rover discloses a data breach after recent cyberattack

 | 

Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts

 | 

Google Pixel 10 adds C2PA to camera and Photos to spot AI-generated or edited images

 | 

KillSec Ransomware is Attacking Healthcare Institutions in Brazil

 | 

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

 | 

SAP September 2025 Patch Day fixed 4 critical flaws

 | 

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

 | 

LunaLock Ransomware threatens victims by feeding stolen data to AI models

 | 

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

 | 

Canadian investment platform Wealthsimple disclosed a data breach

 | 

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

 | 

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

 | 

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

Experts disclose critical flaws in Advantech router monitoring tool

Pierluigi Paganini July 19, 2021

Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech.

Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech. The application allows network administrators to monitor Advantech routers in their infrastructure.

The monitoring tool collects information from routers in the network and stores it into a SQL database. The flaws discovered by Talos reside in several scripts inside of R-SeeNet’s web applications. 

An attacker could exploit the flaws execute arbitrary JavaScript code in the targeted user’s browser, execute arbitrary OS commands, and execute PHP commands.

“TALOS-2021-1270 (CVE-2021-21799), TALOS-2021-1271 (CVE-2021-21800) and TALOS-2021-1272 (CVE-2021-21801 – CVE-2021-21803) are all vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the context of the targeted user’s browser. An adversary could exploit any of these vulnerabilities by sending the target a malicious URL and tricking the user into opening it.Another command execution vulnerability, TALOS-2021-1274 (CVE-2021-21805), could allow an adversary to execute OS commands by sending the targeted device a specially crafted HTTP request.” reads the advisory published by Talos researchers.

“There is also a file inclusion vulnerability that could allow an attacker to execute arbitrary PHP commands. TALOS-2021-1273 (CVE-2021-21804) exists in R-SeeNet’s options.php script functionality and could be triggered via a malicious HTTP request.”

The flaws affect R-SeeNet version 2.4.12 and Talos team reported them to Advantech in March.

The experts decided to publicly disclose the vulnerabilities after Advantech failed to address them within the 90-day deadline, they also published proof-of-concept (PoC) exploits for the issues.

Cisco Talos also released SNORT rules 57290 – 57293, 57305 – 57309, 57338 and 57339, to detect exploitation attempts against the above flaws

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Advantech)

[adrotate banner=”5″]

[adrotate banner=”13″]

Advantech Cybersecurity cybersecurity news Hacking hacking news information security news Pierluigi Paganini R-SeeNet Security Affairs Security News

you might also like

Pierluigi Paganini September 11, 2025
Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT
Read more
Pierluigi Paganini September 11, 2025
Jaguar Land Rover discloses a data breach after recent cyberattack
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT

Malware / September 11, 2025

Jaguar Land Rover discloses a data breach after recent cyberattack

Data Breach / September 11, 2025

Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts

Security / September 10, 2025

Google Pixel 10 adds C2PA to camera and Photos to spot AI-generated or edited images

Security / September 10, 2025

KillSec Ransomware is Attacking Healthcare Institutions in Brazil

Cyber Crime / September 10, 2025