CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 2CVE-2023-4203 – Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4203
08 Aug 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. Los dispositivos Advantech EKI-1524, EKI-1522, EKI-1521 hasta la versión 1.21 están afectados por una vulnerabilidad Cross-Site Scripting (XSS) Almacenado, que puede ser activada por usuarios autenticados en la herramienta ping de la interfaz web. Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521... • https://packetstorm.news/files/id/174153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 2CVE-2023-4202 – Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4202
08 Aug 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. Los dispositivos Advantech EKI-1524, EKI-1522, EKI-1521 hasta la versión 1.21 están afectados por una vulnerabilidad de secuencias de comandos cruzadas almacenadas, que puede ser activada por usuarios autenticados en el campo del nombre del dispositivo de la interfaz web. Advantech EKI-1524-CE ser... • https://packetstorm.news/files/id/174153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 2%CPEs: 6EXPL: 3CVE-2023-2573 – Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-2573
08 May 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • https://packetstorm.news/files/id/172307 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 6EXPL: 3CVE-2023-2574 – Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-2574
08 May 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • https://packetstorm.news/files/id/172307 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 2%CPEs: 6EXPL: 3CVE-2023-2575 – Authenticated Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-2575
08 May 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulne... • https://packetstorm.news/files/id/172307 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •