CVE-2023-2574 Authenticated Command Injection

🗓️ 08 May 2023 12:28:59Reported by CyberDanubeType

Command Injection Vulnerability in Advantech EKI-1524, EKI-1522, EKI-1521 Devices

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the microprogramming software of Advantech EKI-1524, EKI-1522, and EKI-1521 allows a perpetrator to execute arbitrary commands.	22 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-2574	8 May 202316:51	–	circl
CNNVD	Advantech 命令注入漏洞	8 May 202300:00	–	cnnvd
CVE	CVE-2023-2574	8 May 202312:28	–	cve
EUVD	EUVD-2023-34052	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2574	8 May 202313:15	–	nvd
OSV	CVE-2023-2574	8 May 202313:15	–	osv
Packet Storm	Advantech EKI-15XX Series Command Injection / Buffer Overflow	12 May 202300:00	–	packetstorm
Prion	Command injection	8 May 202313:15	–	prion
Vulnrichment	CVE-2023-2574 Authenticated Command Injection	8 May 202312:28	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EKI-1524",
    "vendor": "Advantech",
    "versions": [
      {
        "lessThanOrEqual": "1.21",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EKI-1522",
    "vendor": "Advantech",
    "versions": [
      {
        "lessThanOrEqual": "1.21",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EKI-1521",
    "vendor": "Advantech",
    "versions": [
      {
        "lessThanOrEqual": "1.21",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cyberdanube	www.cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/
seclists	www.seclists.org/fulldisclosure/2023/May/4
advantech	www.advantech.com/en/support/details/firmware
packetstormsecurity	www.packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html
advantech	www.advantech.com/en/support/details/firmware
advantech	www.advantech.com/en/support/details/firmware

12 May 2023 17:06Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.8

EPSS0.06357

CWE-78