8.8

CVE-2023-2575

Exploit

Authenticated Buffer Overflow

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdvantechEki-1521 Firmware Version <= 1.21
   AdvantechEki-1521 Version-
AdvantechEki-1522 Firmware Version <= 1.21
   AdvantechEki-1522 Version-
AdvantechEki-1524 Firmware Version <= 1.21
   AdvantechEki-1524 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.71% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
office@cyberdanube.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/172307/Advantech-EKI-15XX-Series-Command-Injection-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2023/May/4
Third Party Advisory
Exploit
https://cyberdanube.com/en/multiple-vulnerabilities-in-advantech-eki-15xx-series/
Third Party Advisory
Exploit
https://www.advantech.com/en/support/details/firmware?id=1-1J9BEBL
Patch
Product
https://www.advantech.com/en/support/details/firmware?id=1-1J9BECT
Patch
Product
https://www.advantech.com/en/support/details/firmware?id=1-1J9BED3
Patch
Product