26 matches found
A vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 allows commands to be injected into the NTP server input field, letting an attacker execute arbitrary code.
A vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 allows commands to be injected into the NTP server input field. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST request...
A vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches stems from a lack of measures to protect the web page structure. This allows attackers to perform cross-site scripting attacks.
A vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches exists due to a lack of measures to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the...
A vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 allows an attacker to execute arbitrary commands.
A vulnerability in the firmware of the Advantech EKI-1524, EKI-1522, and EKI-1521 serial interface servers exists due to a lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to...
Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting
St. Pölten UAS
title| Multiple XSS in Advantech
product| Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series
vulnerable version| =1.21 CVE-2023-4202, =1.24 CVE-2023-4203
fixed version| 1.26
CVE number|...
CVE-2023-4203
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...
CVE-2023-4202
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...
Cross site scripting
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...
CVE-2023-4203 Stored Cross-Site Scripting
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...
CVE-2023-4203
CVE-2023-4203 affects Advantech EKI-1521/1522/1524 device servers up to version 1.21 (and related 1.24 line) with a stored XSS in the web-interface ping tool, exploitable by authenticated users. The issue is documented across multiple sources (NVD, Red Hat, CISA/ICS advisory, and PacketStorm) and...
CVE-2023-4202 Stored Cross-Site Scripting
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...
CVE-2023-4202
Advantech EKI-1524/1522/1521 devices (through version 1.21; affected 1.21) are affected by a Stored Cross-Site Scripting vulnerability in the web-interface device-name field. Root cause: insufficient input handling allows authenticated users to inject scripts, enabling XSS in the affected UI. Pub...
Advantech Cross-Site Scripting Vulnerability
Advantech, an application of Advantech Corporation of China, provides intelligent electric bus management systems. A security vulnerability exists in Advantech EKI-1524, EKI-1522, EKI-1521 1.21 and earlier versions, which stems from the presence of a stored cross-site scripting vulnerability...
Advantech EKI-15XX Series Command Injection / Buffer Overflow
CyberDanube Security Research 20230511-0
title| Multiple Vulnerabilities
product| EKI-1524-CE series, EKI-1522 series, EKI-1521 series
vulnerable version| 1.21
fixed version| 1.24
CVE number| CVE-2023-2573,...
CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...
CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...
Command injection
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...
CVE-2023-2573
The CVE-2023-2573 issue affects Advantech EKI-1521/1522/1524 devices up to firmware 1.21. The vulnerability is a command injection in the NTP server input field that can be triggered by authenticated users via a crafted POST request, exposing confidentiality, integrity, and availability (CVSS v3....
CVE-2023-2574 Authenticated Command Injection
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...