Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting

St. Pölten UAS ------------------------------------------------------------------------------- title| Multiple XSS in Advantech product| Advantech EKI-1524-CE series, EKI-1522 series, | EKI-1521 series vulnerable version| =1.21 CVE-2023-4202, =1.24 CVE-2023-4203 fixed version| 1.26 CVE number|...

CVE-2023-4203

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4203

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4202

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...

Cross site scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4203 Stored Cross-Site Scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4203

CVE-2023-4203 affects Advantech EKI-1521/1522/1524 device servers up to version 1.21 (and related 1.24 line) with a stored XSS in the web-interface ping tool, exploitable by authenticated users. The issue is documented across multiple sources (NVD, Red Hat, CISA/ICS advisory, and PacketStorm) and...

CVE-2023-4202 Stored Cross-Site Scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...

CVE-2023-4202

Advantech EKI-1524/1522/1521 devices (through version 1.21; affected 1.21) are affected by a Stored Cross-Site Scripting vulnerability in the web-interface device-name field. Root cause: insufficient input handling allows authenticated users to inject scripts, enabling XSS in the affected UI. Pub...

CVE-2023-4202 Stored Cross-Site Scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...

Advantech Cross-Site Scripting Vulnerability

Advantech, an application of Advantech Corporation of China, provides intelligent electric bus management systems. A security vulnerability exists in Advantech EKI-1524, EKI-1522, EKI-1521 1.21 and earlier versions, which stems from the presence of a stored cross-site scripting vulnerability...

Advantech EKI-15XX Series Command Injection / Buffer Overflow

CyberDanube Security Research 20230511-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| EKI-1524-CE series, EKI-1522 series, EKI-1521 series vulnerable version| 1.21 fixed version| 1.24 CVE number| CVE-2023-2573,...

CVE-2023-2573

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...

CVE-2023-2574

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...

Command injection

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...

CVE-2023-2573

The CVE-2023-2573 issue affects Advantech EKI-1521/1522/1524 devices up to firmware 1.21. The vulnerability is a command injection in the NTP server input field that can be triggered by authenticated users via a crafted POST request, exposing confidentiality, integrity, and availability (CVSS v3....

CVE-2023-2574

The CVE-2023-2574 entry affects Advantech EKI-1524, EKI-1522, and EKI-1521 devices up to firmware version 1.21, where an authenticated user can trigger a command injection through the device-name input in a crafted POST request. Concrete details in connected sources indicate vulnerable versions (...

CVE-2023-2574 Authenticated Command Injection

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...

CVE-2023-2575

Advantech EKI-1524, EKI-1522, and EKI-1521 devices up to firmware version 1.21 are affected by a stack-based buffer overflow that can be triggered by an authenticated user via a crafted POST request. The issue is documented as CVE-2023-2575. A public write-up from CyberDanube/PacketStorm confirms...

CVE-2023-2575 Authenticated Buffer Overflow

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request...