Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html | |
http://seclists.org/fulldisclosure/2023/May/4 | Exploit Third Party Advisory |
https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/ | Exploit Third Party Advisory |
https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL | Patch Product |
https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT | Patch Product |
https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 | Patch Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
12 May 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2023, 14:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 - Patch, Product | |
References | (MISC) https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL - Patch, Product | |
References | (MISC) https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/ - Exploit, Third Party Advisory | |
References | (MISC) https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT - Patch, Product | |
References | (MISC) http://seclists.org/fulldisclosure/2023/May/4 - Exploit, Third Party Advisory | |
First Time |
Advantech
Advantech eki-1521 Firmware Advantech eki-1524 Advantech eki-1522 Advantech eki-1524 Firmware Advantech eki-1522 Firmware Advantech eki-1521 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:o:advantech:eki-1521_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:advantech:eki-1524:-:*:*:*:*:*:*:* cpe:2.3:h:advantech:eki-1521:-:*:*:*:*:*:*:* cpe:2.3:h:advantech:eki-1522:-:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-1522_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:advantech:eki-1524_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-787 |
12 May 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 May 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 May 2023, 13:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-08 13:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-2575
Mitre link : CVE-2023-2575
CVE.ORG link : CVE-2023-2575
JSON object : View
Products Affected
advantech
- eki-1521
- eki-1521_firmware
- eki-1524
- eki-1522
- eki-1522_firmware
- eki-1524_firmware