Advantech Wise-deviceon_server
11 CVEs affecting Advantech Wise-deviceon_server. Latest disclosed: 2025-12-05. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-34256 | Critical | 9.8 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for sign… |
CVE-2025-34266 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoi… |
CVE-2025-34265 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an au… |
CVE-2025-34264 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/{agentId} endpoint. When an a… |
CVE-2025-34263 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus en… |
CVE-2025-34262 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint… |
CVE-2025-34261 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an a… |
CVE-2025-34260 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an… |
CVE-2025-34259 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When… |
CVE-2025-34258 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an… |
CVE-2025-34257 | Medium | 5.4 | 2025-12-05 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an… |