Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html | |
http://seclists.org/fulldisclosure/2023/May/4 | Exploit Third Party Advisory |
https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/ | Exploit Third Party Advisory |
https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL | Patch Product |
https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT | Patch Product |
https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3 | Patch Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: CyberDanube
Published: 2023-05-08T12:33:06.707Z
Updated: 2023-05-11T11:14:33.348Z
Reserved: 2023-05-08T11:13:17.725Z
Link: CVE-2023-2573
JSON object: View
NVD Information
Status : Modified
Published: 2023-05-08T13:15:09.710
Modified: 2023-05-12T18:15:09.617
Link: CVE-2023-2573
JSON object: View
Redhat Information
No data.