Authenticated Buffer Overflow
CVE-2023-2575

8.8HIGH

Key Information:

Vendor: Advantech
Status: Eki-1524; Eki-1522; Eki-1521
Vendor: CVE Published:; 8 May 2023

What is CVE-2023-2575?

The Advantech EKI-1524, EKI-1522, and EKI-1521 devices through version 1.21 are susceptible to a Stack-based Buffer Overflow vulnerability. This can be exploited by authenticated users who send specially crafted POST requests, potentially compromising the integrity and availability of these devices. Users are advised to implement available patches promptly to mitigate risks associated with this vulnerability.

Affected Version(s)

EKI-1521 0 <= 1.21

EKI-1522 0 <= 1.21

EKI-1524 0 <= 1.21

References

https://www.advantech.com/en/support/details/firmware?id=...

patch

https://www.advantech.com/en/support/details/firmware?id=...

patch

https://www.advantech.com/en/support/details/firmware?id=...

patch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2023
Vulnerability Reserved
May 8, 2023

Credit

S. Dietz (CyberDanube)

T. Weber (CyberDanube)