Advantech Eki-1521 vulnerabilities
5 known vulnerabilities affecting advantech/eki-1521.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-2575P2HIGHCVSS 8.8≤ 1.212023-05-08
CVE-2023-2575 [HIGH] CWE-121 CVE-2023-2575: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Ove
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
nvd
CVE-2023-2574P2HIGHCVSS 8.8≤ 1.212023-05-08
CVE-2023-2574 [HIGH] CWE-78 CVE-2023-2574: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vul
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.
nvd
CVE-2023-2573P2HIGHCVSS 8.8≤ 1.212023-05-08
CVE-2023-2573 [HIGH] CWE-78 CVE-2023-2573: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vul
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
nvd
CVE-2023-4203P4MEDIUMCVSS 5.4≤ 1.242023-08-08
CVE-2023-4203 [MEDIUM] CWE-79 CVE-2023-4203: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scri
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
nvd
CVE-2023-4202P4MEDIUMCVSS 5.4≤ 1.212023-08-08
CVE-2023-4202 [MEDIUM] CWE-79 CVE-2023-4202: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scri
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
nvd