### [CVE-2021-22652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22652)
![](https://img.shields.io/static/v1?label=Product&message=Advantech%20iView&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=iView%20versions%20prior%20to%20v5.7.03.6112%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=MISSING%20AUTHENTICATION%20FOR%20CRITICAL%20FUNCTION%20CWE-306&color=brightgreen)

### Description

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

### POC

#### Reference
- http://packetstormsecurity.com/files/161937/Advantech-iView-Unauthenticated-Remote-Code-Execution.html

#### Github
- https://github.com/ARPSyndicate/cvemon