CVE-2023-2574

Summary

CVE	CVE-2023-2574
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-05-08 13:15:00 UTC
Updated	2023-05-12 18:15:00 UTC
Description	Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.

Risk And Classification

Problem Types: CWE-77

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Advantech	Eki-1521	-	All	All	All
Operating System	Advantech	Eki-1521 Firmware	All	All	All	All
Hardware	Advantech	Eki-1522	-	All	All	All
Operating System	Advantech	Eki-1522 Firmware	All	All	All	All
Hardware	Advantech	Eki-1524	-	All	All	All
Operating System	Advantech	Eki-1524 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Firmware for EKI-1524-CE/EKI-1524I-CE/EKI-1524CI-CE - Advantech Support - Advantech	MISC	www.advantech.com
Firmware for EKI-1521-CE/EKI-1521I-CE/EKI-1521CI-CE - Advantech Support - Advantech	MISC	www.advantech.com
Advantech EKI-15XX Series Command Injection / Buffer Overflow ≈ Packet Storm	MISC	packetstormsecurity.com
Firmware for EKI-1522-CE/EKI-1522I-CE/EKI-1522CI-CE - Advantech Support - Advantech	MISC	www.advantech.com
Full Disclosure: CyberDanube Security Research 20230511-0 \| Multiple Vulnerabilities in Advantech EKI-15XX Series	MISC	seclists.org
[EN] Multiple Vulnerabilities in Advantech EKI-15XX Series - CyberDanube	MISC	cyberdanube.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.