CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-4203 – Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4203
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. Los dispositivos Advantech EKI-1524, EKI-1522, EKI-1521 hasta la versión 1.21 están afectados por una vulnerabilidad Cross-Site Scripting (XSS) Almacenado, que puede ser activada por usuarios autenticados en la herramienta ping de la interfaz web. Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2023/Aug/13 https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-4202 – Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4202
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. Los dispositivos Advantech EKI-1524, EKI-1522, EKI-1521 hasta la versión 1.21 están afectados por una vulnerabilidad de secuencias de comandos cruzadas almacenadas, que puede ser activada por usuarios autenticados en el campo del nombre del dispositivo de la interfaz web. Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/174153/Advantech-EKI-1524-CE-EKI-1522-EKI-1521-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2023/Aug/13 https://cyberdanube.com/en/en-st-polten-uas-multiple-vulnerabilities-in-advantech-eki-15xx-series • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 2CVE-2023-2573 – Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html http://seclists.org/fulldisclosure/2023/May/4 https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 2CVE-2023-2574 – Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html http://seclists.org/fulldisclosure/2023/May/4 https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2023-2575 – Authenticated Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-2575
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html http://seclists.org/fulldisclosure/2023/May/4 https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •