Advantech WebAccess Dashboard Viewer Remote Code Execution Exploit

This module exploits an arbitrary file upload vulnerability in Advantech WebAccess. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload script allows unauthenticated callers to upload arbitrary code to directories in the server where the code can be automatically executed under the high-privilege context of the IIS AppPool. Authentication is not required to exploit this vulnerability.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2016-0854
Product Version: 
2016_R1
Released Date: 
Friday, May 27, 2016 - 00:00