The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 allows a perpetrator to execute arbitrary codes.

The vulnerability of microprogrammed software in Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches lies in the ability to write code outside the buffer memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST requests...

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 lies in the ability to inject commands into the input field of the NTP server, allowing a perpetrator to execute arbitrary code.

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 lies in the ability to inject commands into the input field of the NTP server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST request...

The vulnerability of microprogrammed software in Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches stems from the lack of protective measures for website structures. This allows attackers to perform cross-site scripting attacks.

The vulnerability of the microprogrammed software in Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the...

Advantech EKI-1524-CE series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Advantech Equipment : EKI-1524-CE, EKI-1522-CE, EKI-1521-CE Vulnerabilities : Cross-Site Scripting 2. RISK EVALUATION Successful exploitation of these...

The vulnerability of the microprogramming software of Advantech EKI-1524, EKI-1522, and EKI-1521 allows a perpetrator to execute arbitrary commands.

The vulnerability of microprogrammed software in the serial interface servers of Advantech EKI-1524, EKI-1522, and EKI-1521 exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to...

Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting

St. Pölten UAS ------------------------------------------------------------------------------- title| Multiple XSS in Advantech product| Advantech EKI-1524-CE series, EKI-1522 series, | EKI-1521 series vulnerable version| =1.21 CVE-2023-4202, =1.24 CVE-2023-4203 fixed version| 1.26 CVE number|...

CVE-2023-4203

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4203

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4202

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...

Cross site scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4203 Stored Cross-Site Scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4203 Stored Cross-Site Scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

CVE-2023-4203

CVE-2023-4203 affects Advantech EKI-1521/1522/1524 device servers up to version 1.21 (and related 1.24 line) with a stored XSS in the web-interface ping tool, exploitable by authenticated users. The issue is documented across multiple sources (NVD, Red Hat, CISA/ICS advisory, and PacketStorm) and...

CVE-2023-4202 Stored Cross-Site Scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...

CVE-2023-4202

Advantech EKI-1524/1522/1521 devices (through version 1.21; affected 1.21) are affected by a Stored Cross-Site Scripting vulnerability in the web-interface device-name field. Root cause: insufficient input handling allows authenticated users to inject scripts, enabling XSS in the affected UI. Pub...

CVE-2023-4202 Stored Cross-Site Scripting

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface...

Advantech Cross-Site Scripting Vulnerability

Advantech, an application of Advantech Corporation of China, provides intelligent electric bus management systems. A security vulnerability exists in Advantech EKI-1524, EKI-1522, EKI-1521 1.21 and earlier versions, which stems from the presence of a stored cross-site scripting vulnerability...

PT-2023-5481 · Advantech · Eki-1522 +2

Name of the Vulnerable Software and Affected Versions: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 Description: The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the device name field of the...

Advantech EKI-15XX Series Command Injection / Buffer Overflow

CyberDanube Security Research 20230511-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| EKI-1524-CE series, EKI-1522 series, EKI-1521 series vulnerable version| 1.21 fixed version| 1.24 CVE number| CVE-2023-2573,...

CVE-2023-2573

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...