) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:advantech:eki-1521_firmware:1.09:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-4203 |
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. Published: August 08, 2023; 7:15:12 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-4202 |
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. Published: August 08, 2023; 7:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-2575 |
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Published: May 08, 2023; 9:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-2574 |
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. Published: May 08, 2023; 9:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-2573 |
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. Published: May 08, 2023; 9:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |